Re: Perl as a daemon... as root?

At what point should the daemon be granted authority to change network settings? Run it as root all the time? Run it as special user with restriced password-less sudo access? What is the general recommendation for a daemon like this to keep security at a "reasonable" level? Are there any perl gotchas I should be aware of in this case?

If your daemon is well behaved, there's no reason to not run it as root. Well behaved means at least:

runs under -T
doesn't eval other than as use or require
doesn't accept bogus input
is safely coded to not hog any resource
closes STDIN and STDOUT and re-opens STDERR to syslog
has a well-defined interface to process input
can be killed any time without leaving a mess
...

Dropping privileges is good for daemons exposed to the AB (anonymous bastard), like web- and mail servers. Your daemon doesn't seem to be exposed in that way; it is running on the local system and might accept input from a local user (only). So there's no point in dropping privs and re-gaining them later to do the tasks the daemon is written for: you would only make more "red lights blink" (e.g. passwordless sudo) elsewhere.

How can I make a perl program to listen to/detect this kind of input?

Your daemon, apart from setting up an initial state at startup, seems to be event driven, so I'd look up things by that keyword (Super Search). A socket interface might be the way to go for user input. Have a look at POE.

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Comment on Re: Perl as a daemon... as root?

Replies are listed 'Best First'.
Re^2: Perl as a daemon... as root? by Anno (Deacon) on Jul 30, 2007 at 10:16 UTC
...So there's no point in dropping privs and re-gaining them later to do the tasks the daemon is written for: you would only make more "red lights blink" (e.g. passwordless sudo) elsewhere. If the system supports `setreuid()` (Linux does), you don't need sudo to switch the userid. Start the script under root (or another privileged id), then drop privileges immediately. When an action needs root privileges again, that can be done with a local change to the effective uid `$>`: `print "real: $<, effective $>\n"; $> = 1000; # drop privileges print "real: $<, effective $>\n"; { # locally regain privileges local $> = 0; $> == 0 or die "Insufficient privileges, run script as root"; print "real: $<, effective $>\n"; } # unprivileged again print "real: $<, effective $>\n";` [download] That works without compromising security in any way. Anno	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re^2: Perl as a daemon... as root?
by Anno (Deacon) on Jul 30, 2007 at 10:16 UTC

So there's no point in dropping privs and re-gaining them later to do the tasks the daemon is written for: you would only make more "red lights blink" (e.g. passwordless sudo) elsewhere.

If the system supports setreuid() (Linux does), you don't need sudo to switch the userid. Start the script under root (or another privileged id), then drop privileges immediately. When an action needs root privileges again, that can be done with a local change to the effective uid $>:

print "real: $<, effective $>\n";
$> = 1000; # drop privileges
print "real: $<, effective $>\n";
{
    # locally regain privileges
    local $> = 0;
    $> == 0 or die "Insufficient privileges, run script as root";
    print "real: $<, effective $>\n";
}
# unprivileged again
print "real: $<, effective $>\n";
[download]

Anno

[reply]
[d/l]
[select]