[Bug 491510] Re: MIR for monit.
Martin Pitt
martin.pitt at ubuntu.com
Mon Dec 21 09:07:32 UTC 2009
What I don't like is that it's a single-binary, network-facing process
running as root, which seems very dangerous to have given that most of
its operations can be done as an unprivileged system user (pinging local
services, etc.). I'd much rather have a small suid root callout which
can restart processes (factor out the only thing that requires root),
and have the main daemon run as "monitdaemon" without particular
privileges.

If that's too much effort, can this get a very restrictive AppArmor
profile which greatly restricts file system read/write access and drops
unnecessary capabilities?

Packaging looks fine.

** Changed in: monit (Ubuntu Lucid)
       Status: New => Incomplete
--
MIR for monit.
https://bugs.launchpad.net/bugs/491510
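
The privilege split proposed in the message, sketched as an added example (not code from monit, the Ubuntu package or the mail's author): a small setuid-root callout that only the "monitdaemon" account may invoke and that restarts only allowlisted services. The service names, the /etc/init.d layout and the function names are assumptions.

```c
/* Added illustration: setuid-root restart callout. All names are assumptions. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical allowlist: the only services the daemon may restart. */
static const char *const ALLOWED[] = { "cron", "ssh", "apache2", NULL };

/* Exact-match lookup, so "../x", "ssh;id" or "" can never pass. */
int service_allowed(const char *name)
{
    if (name == NULL)
        return 0;
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strcmp(name, ALLOWED[i]) == 0)
            return 1;
    return 0;
}

/* Build the init script path (assumed SysV layout); -1 on rejection. */
int script_path(const char *name, char *out, size_t len)
{
    if (!service_allowed(name))
        return -1;
    int n = snprintf(out, len, "/etc/init.d/%s", name);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

int main(int argc, char **argv)
{
    char path[64];
    /* Only the unprivileged daemon account named in the mail may call us. */
    struct passwd *pw = getpwnam("monitdaemon");
    if (pw == NULL || getuid() != pw->pw_uid)
        return 1;
    if (argc != 2 || script_path(argv[1], path, sizeof path) != 0)
        return 2;
    /* Become root fully, then exec with a fixed argv and a clean environment. */
    if (setgid(0) != 0 || setuid(0) != 0)
        return 3;
    char *const args[] = { path, "restart", NULL };
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    execve(path, args, envp);
    return 4; /* execve only returns on failure */
}
```

The caller's environment and any extra arguments never reach the root-owned script, so the unprivileged daemon can influence nothing except which allowlisted service is restarted.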