Date: Wed, 20 May 2009 14:43:57 -0700 From: perryh@pluto.rain.com To: alexus@gmail.com Cc: freebsd-questions@freebsd.org Subject: Re: proftpd TLS Message-ID: <4a14799d.ZY4je8ybkiXA5l8q%perryh@pluto.rain.com> In-Reply-To: <6ae50c2d0905200719sf099123g769920981b84efcc@mail.gmail.com> References: <6ae50c2d0905171301y2d92a7b1mc3598295de12ecc2@mail.gmail.com> <c1e7523f0905191126o317b254aia654ed83cd141f5@mail.gmail.com> <6ae50c2d0905191218mca27c81o67a7e2f0a2a37ca8@mail.gmail.com> <200905201346.33032.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <6ae50c2d0905200713t7d9c785fs4f6c5ec6db4166de@mail.gmail.com> <6ae50c2d0905200718u596a087du537f64abe20a4ff7@mail.gmail.com> <6ae50c2d0905200719sf099123g769920981b84efcc@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
alexus <alexus@gmail.com> wrote: > ... i guess my main concern it not to run it as root now AFAIK it is normal for a daemon to run as root if it expects to receive login credentials: * For any but the most minimal authentication scheme, it must be root to authenticate the credentials. (A scheme which enables an untrusted program to authenticate login credentials is vulnerable to brute-force attacks.) * Regardless of the authentication scheme, it must be root in order to assume the identity of the newly logged in user.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4a14799d.ZY4je8ybkiXA5l8q%perryh>