
Stefan Behte wrote:
AFAIK other products like apache solve this problem by running a main process as root and dropping privileges/capabilities in subprocesses/threads that handle the connections. If you want to kill -HUP apache, you send it to the main process, not a process running with lower privileges.
To be honest, I do not like the way stunnel currently handles this, when I send a -HUP, I expect it to reload my config, without exceptions. Well, it is a design decision, a workaround exists and it's documented, but still...
It's a good idea, but quite tough to implement. It would require passing socket descriptors, configuration file, certificates, private keys, CRLs, and possibly other stuff between processes with different permissions. I have updated my TODO list: http://www.stunnel.org/?page=sdf_todo

Alternatively I could just drop support for setuid and chroot, as my budget is much smaller than the budget of Apache Foundation: http://www.apache.org/foundation/records/minutes/2010/board_minutes_2010_04_...

Mike
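The mechanism both messages circle around (a privileged parent that opens private keys and listening sockets, and unprivileged workers that receive the open descriptors) is shown below as an added example. It is not stunnel's or Apache's code: a parent opens a file standing in for a private key, forks a child that drops privileges, and hands it the descriptor over a socketpair() with SCM_RIGHTS, which is the same primitive a SIGHUP-driven reload in the parent would use to resend descriptors to workers. Uid/gid 65534 is an assumed "nobody", and the "key" contents are constructed.

```c
/* Added example, not stunnel's code: privilege-separated descriptor passing.
 * The privileged parent open()s the file; the unprivileged child only ever
 * sees the descriptor, delivered over a UNIX socket via SCM_RIGHTS. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pass one open descriptor over a UNIX-domain socket. 0 on success, -1 on error. */
int send_fd(int sock, int fd) {
    char byte = 'F';                              /* SCM_RIGHTS needs >= 1 byte of data */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;  msg.msg_iovlen = 1;
    msg.msg_control = u.buf;  msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the new fd, or -1 if no SCM_RIGHTS arrived. */
int recv_fd(int sock) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;  msg.msg_iovlen = 1;
    msg.msg_control = u.buf;  msg.msg_controllen = sizeof u.buf;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Drop root irreversibly (groups, gid, then uid); a no-op when not root. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0) return 0;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;               /* regaining root must fail */
}

/* Parent opens `path` and passes the fd to an unprivileged child; the child
 * reads it and echoes the bytes back over the same socketpair so the parent
 * can check them. Returns bytes echoed, or -1 on any failure. */
ssize_t privsep_roundtrip(const char *path, char *out, size_t outlen) {
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                               /* child: the unprivileged worker */
        close(sv[0]);
        if (drop_privileges(65534, 65534) != 0) _exit(1);   /* assumed "nobody" */
        int fd = recv_fd(sv[1]);
        if (fd < 0) _exit(2);
        char buf[256];
        ssize_t n = read(fd, buf, sizeof buf);    /* readable although we could not open() it */
        if (n < 0 || write(sv[1], buf, (size_t)n) != n) _exit(3);
        _exit(0);
    }
    close(sv[1]);                                 /* parent: the privileged side */
    ssize_t n = -1;
    int fd = open(path, O_RDONLY);
    if (fd >= 0) {
        if (send_fd(sv[0], fd) == 0) n = read(sv[0], out, outlen);
        close(fd);                                /* parent keeps no copy after handing it over */
    }
    close(sv[0]);                                 /* on open() failure this gives the child EOF */
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return n;
}

/* Self-check with a constructed stand-in for a key file (mode 0600, like a real one). */
int demo_ok(void) {
    static const char secret[] = "-----BEGIN CONSTRUCTED KEY-----";   /* not a real key */
    char path[] = "/tmp/privsep_XXXXXX", out[64];
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    ssize_t w = write(fd, secret, sizeof secret - 1);
    close(fd);
    ssize_t n = (w == (ssize_t)(sizeof secret - 1)) ? privsep_roundtrip(path, out, sizeof out) : -1;
    unlink(path);
    return n == (ssize_t)(sizeof secret - 1) && memcmp(out, secret, (size_t)n) == 0;
}

int main(void) {
    int ok = demo_ok();
    printf("privilege-separated fd passing: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

Run as root and the 0600 temp file is unreadable to uid 65534 by name, yet the worker reads it through the passed descriptor; run as an ordinary user and the privilege drop is skipped but the passing still works. A reload-on-SIGHUP design is the same loop with the parent re-reading its configuration and resending freshly opened descriptors to new workers.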