/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-08-09 23:37:07 UTC
  • mto: (237.7.304 trunk)
  • mto: This revision was merged to the branch mainline in revision 323.
  • Revision ID: teddy@recompile.se-20140809233707-6c5qyievp78lnzf1
askpass-fifo: Lower privileges after opening FIFO.

* plugins.d/askpass-fifo.c (main): Lower privileges after opening FIFO.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2014-03-01">
 
5
<!ENTITY TIMESTAMP "2014-06-22">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
261
261
          <para>
262
262
            <replaceable>NAME</replaceable> can be the string
263
263
            <quote><literal>none</literal></quote>; this will make
264
 
            <command>&COMMANDNAME;</command> not bring up
265
 
            <emphasis>any</emphasis> interfaces specified
266
 
            <emphasis>after</emphasis> this string.  This is not
267
 
            recommended, and only meant for advanced users.
 
264
            <command>&COMMANDNAME;</command> only bring up interfaces
 
265
            specified <emphasis>before</emphasis> this string.  This
 
266
            is not recommended, and only meant for advanced users.
268
267
          </para>
269
268
        </listitem>
270
269
      </varlistentry>
749
748
    <para>
750
749
      It will also help if the checker program on the server is
751
750
      configured to request something from the client which can not be
752
 
      spoofed by someone else on the network, unlike unencrypted
753
 
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
 
751
      spoofed by someone else on the network, like SSH server key
 
752
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
 
753
      echo (<quote>ping</quote>) replies.
754
754
    </para>
755
755
    <para>
756
756
      <emphasis>Note</emphasis>: This makes it completely insecure to