Stefan Behte wrote:

AFAIK other products like apache solve this problem by running a main process as root and dropping privileges/capabilities in subprocesses/threads that handle the connections. If you want to kill -HUP apache, you send it to the main process, not a process running with lower privileges.

To be honest, I do not like the way stunnel currently handles this, when I send a -HUP, I expect it to reload my config, without exceptions. Well, it is a design decision, a workaround exists and it's documented, but still...
It's a good idea, but quite tough to implement. It would require passing socket descriptors, configuration file, certificates, private keys, CRLs, and possibly other stuff between processes with different permissions.
I have updated my TODO list: http://www.stunnel.org/?page=sdf_todo
Alternatively I could just drop support for setuid and chroot, as my budget is much smaller than the budget of Apache Foundation: http://www.apache.org/foundation/records/minutes/2010/board_minutes_2010_04_...
Mike
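The supervisor/worker split Stefan describes (a root parent that keeps the right to open sockets, unprivileged children that serve connections) and the descriptor hand-off Mike says it would require are both shown below in one added example. It is not stunnel's or Apache's code: it passes a listening socket from a supervisor to a worker over a UNIX socketpair with SCM_RIGHTS after the worker has dropped privileges, then serves one loopback connection on it. The uid/gid 65534 ("nobody" on most systems) and the loopback port are assumptions chosen for the demo; when the program is not started as root the drop step is skipped so it still runs.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Send one descriptor over a UNIX-domain socket using SCM_RIGHTS. */
static int send_fd(int chan, int fd) {
    char byte = 'F';                       /* one data byte must accompany the rights */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char ctrl[CMSG_SPACE(sizeof(int))];
    memset(ctrl, 0, sizeof ctrl);
    struct msghdr msg = {0};
    msg.msg_iov = &iov;   msg.msg_iovlen = 1;
    msg.msg_control = ctrl; msg.msg_controllen = sizeof ctrl;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor sent by send_fd(); returns the new fd or -1. */
static int recv_fd(int chan) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char ctrl[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = {0};
    msg.msg_iov = &iov;   msg.msg_iovlen = 1;
    msg.msg_control = ctrl; msg.msg_controllen = sizeof ctrl;
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Drop root irrevocably (groups, then gid, then uid) and verify it cannot be
 * regained. A no-op when the process is not root, so the demo runs unprivileged. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (getuid() != 0) return 0;
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;         /* drop must be permanent */
    return 0;
}

/* Supervisor opens the listening socket; the worker, already unprivileged,
 * receives it over SCM_RIGHTS and answers one connection. Returns the byte
 * echoed back by the worker, or -1 on any failure. */
int supervised_handoff(void) {
    int chan[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* worker: never opens a socket itself */
        close(chan[0]);
        if (drop_privileges(65534, 65534) != 0) _exit(1);   /* assumed "nobody" ids */
        int lfd = recv_fd(chan[1]);
        if (lfd < 0) _exit(1);
        int c = accept(lfd, NULL, NULL);
        if (c < 0) _exit(1);
        char b;
        if (read(c, &b, 1) == 1 && write(c, &b, 1) != 1) _exit(1);
        close(c); close(lfd);
        _exit(0);
    }
    close(chan[1]);                        /* supervisor: keeps the right to bind */
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;                       /* ephemeral port, chosen for the demo */
    if (bind(lfd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(lfd, 1) != 0) return -1;
    socklen_t len = sizeof sa;
    if (getsockname(lfd, (struct sockaddr *)&sa, &len) != 0) return -1;
    if (send_fd(chan[0], lfd) != 0) return -1;
    close(lfd);                            /* the in-flight copy keeps the socket alive */
    int c = socket(AF_INET, SOCK_STREAM, 0);
    if (connect(c, (struct sockaddr *)&sa, sizeof sa) != 0) return -1;
    char out = 'X', in = 0;
    if (write(c, &out, 1) != 1 || read(c, &in, 1) != 1) in = 0;
    close(c); close(chan[0]);
    int status;
    waitpid(pid, &status, 0);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? in : -1;
}

int main(void) {
    int r = supervised_handoff();
    printf("worker echoed %c (%d)\n", r > 0 ? (char)r : '?', r);
    return r == 'X' ? 0 : 1;
}
```

The ordering is the point: the worker drops root before it ever touches the socket, and the supervisor is the only process that binds. On a reload the supervisor can open fresh sockets and re-read configuration, then hand descriptors to newly forked workers the same way; certificates and keys would need the same kind of hand-off, which is the cost Mike refers to.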