Run bird under own user (!9267) · Merge requests · alpine / aports

Timothée Floure requested to merge fnux/aports:bird-user into master Jun 15, 2020

BIRD, as a routing daemon, uses several privileged operations (like setting routing table and using raw sockets). Traditionally, BIRD is executed and runs with root privileges, which may be prone to security problems. The recommended way is to use a privilege restriction (options -u, -g). In that case BIRD is executed with root privileges, but it changes its user and group ID to an unprivileged ones, while using Linux capabilities to retain just required privileges (capabilities CAP_NET_*). Note that the control socket is created before the privileges are dropped, but the config file is read after that. The privilege restriction is not implemented in BSD port of BIRD.

Edited Aug 02, 2020 by Timothée Floure

Run bird under own user

Merge request reports