tincctl patches
Guus Sliepen
guus at tinc-vpn.org
Fri Nov 9 13:44:46 CET 2007
On Thu, Nov 08, 2007 at 11:23:02AM -0800, Scott Lamb wrote:
> Scott Lamb wrote:
> > Since I've already basically written control-socket-dir.patch, I'm
> > likely to just use it, or even a pared-down version that instead of
> > using chdir() just assumes the sysadmin will take care of his/her own
> > permissions on $LOCALSTATEDIR/run and parents or risk a minor race
> > condition.
>
> Ugh. AIX manpages allege that they can't handle relative paths, so I
> scratched the chdir(). I was a bit uncomfortable with changing global
> state, etc. - it's possible tinc would segfault during that time or
> couldn't get back to the original dir.
>
> We can add a handshake later if you want.
AIX? I didn't know tinc ran on that :) Anyway, just go with the secured
directory approach. The handshake is an option. Binding to < 1024 ports
is not, because then you lose the ability to run tinc as a normal user.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20071109/f6cf104a/attachment.pgp
More information about the tinc-devel
mailing list