Opened 8 years ago

Closed 8 years ago

#3108 closed Enhancement (duplicate)

options to chroot and setuid/setgid for daemon

Reported by: User294 Owned by:
Priority: Low Milestone: None Set
Component: Transmission Version: 1.92
Severity: Minor Keywords: chroot setgit setuid security
Cc:

Description

In cases when security matters, it is a good practice to chroot daemon into it's own directory, etc so daemon could only access very few files and can't access other files in system where it runs. So far Transmission not seems to allow this.

Also, in some cases, networked daemons may want to start with elevated ("root") rights (for example to use ports below 1024 easily or to be able to access some files which will be unavailable later, etc). But after start daemon drops these rights by taking UID and GID of user specified in daemon's configuration and continues to run under restricted user.

These two features (chroot, setuid and setgid) is very common practice for networked daemons and I believe Transmission's daemon would become better if it would allow to do the same (as any other decent networking daemon does). This will allow to improve system security in cases when daemon getting exploited due to bugs, etc.

Change History (3)

comment:1 Changed 8 years ago by charles

  • Summary changed from Idea: options to chroot and setuid/setgid for daemon, to options to chroot and setuid/setgid for daemon
  • Version changed from 1.92+ to 1.92

comment:2 Changed 8 years ago by Elbandi

duplicate: #2189

comment:3 Changed 8 years ago by charles

  • Resolution set to duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.