You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For systems that use systemd, there are various thing inadyn could do to make it safer to use by default. What I mean by "safer" is, specifically, restricting privileges of inadyn to the bare minimum of what it needs to function. The point is to facilitate defense-in-depth of internet facing services.
There are a few things I'm thinking of in particular:
Using tmpfiles/sysusers to automatically create an unprivileged user with the right permissions
Support for credentials to store passwords encrypted on the disk, and allow configs to access them in the service
I think (1) is pretty straight forward and uncontroversial, but I'm curious about your thoughts on (2) or maybe even (3). I'm willing to make PRs for these features. See also the Arch Linux package build that implements (2).
The text was updated successfully, but these errors were encountered:
For systems that use systemd, there are various thing inadyn could do to make it safer to use by default. What I mean by "safer" is, specifically, restricting privileges of inadyn to the bare minimum of what it needs to function. The point is to facilitate defense-in-depth of internet facing services.
There are a few things I'm thinking of in particular:
ProtectHome=, orRestrictNamespace=I think (1) is pretty straight forward and uncontroversial, but I'm curious about your thoughts on (2) or maybe even (3). I'm willing to make PRs for these features. See also the Arch Linux package build that implements (2).
The text was updated successfully, but these errors were encountered: