[stunnel-users] Q: rereading configuration file?

Michal Trojnara Michal.Trojnara at mobi-com.net
Tue Feb 1 16:02:51 CET 2005


Peter Pentchev wrote:

> Part of the reason that I think this has not been done is that in most
> cases (at least under Unix), stunnel is running in a chroot jail for
> security reasons.  If so, the stunnel process that receives the signal
> has absolutely no way to access the config file - it is most probably
> outside the chroot tree where the stunnel process operates.

Of course rereading the configuration file won't be compatible with chroot 
(unless you place a copy of the configuration file/certificate/etc. inside 
the chroot jail).
Another obvious problem I expect is the setuid option and binding ports 
below 1024.  8-)

Rereading of the configuration file is on my TODO aka waiting-for-a-sponsor 
list, anyway.
http://stunnel.mirt.net/todo_sdf.html

Best regards,
    Mike 
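
Added example, not part of the original message and not stunnel code: a Python check that reads a stunnel.conf and reports the two obstacles named above, files with no copy inside the chroot jail and accept ports below 1024 that cannot be re-bound once setuid has dropped root. The function names, the sample configuration and its paths are constructed for illustration, and the port check assumes the classic Unix rule that only uid 0 may bind ports below 1024.

```python
import os

# Constructed sample configuration (not from the original message).
SAMPLE_CONF = """\
chroot = /var/lib/stunnel
setuid = nobody
cert = /etc/stunnel/mail.pem
[imaps]
accept = 993
connect = 143
"""

def parse_stunnel_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
            continue
        key, sep, val = line.partition("=")
        if sep:
            (glob if cur is None else cur)[key.strip()] = val.strip()
    return glob, services

def reload_obstacles(conf_path, text):
    """List reasons a post-startup re-read of conf_path would fail."""
    glob, services = parse_stunnel_conf(text)
    jail, user, problems = glob.get("chroot"), glob.get("setuid"), []
    if jail:
        # After chroot(), every path is resolved relative to the jail root.
        files = [("config", conf_path)]
        for opts in [glob, *services.values()]:
            files += [(k, opts[k]) for k in ("cert", "key", "CAfile") if k in opts]
        for kind, path in files:
            if not os.path.exists(os.path.join(jail, path.lstrip("/"))):
                problems.append(f"{kind} {path} has no copy inside chroot {jail}")
    if user not in (None, "root", "0"):
        # Assumption: classic Unix rule, only uid 0 may bind ports below 1024.
        for name, opts in services.items():
            port = opts.get("accept", "").rpartition(":")[2]
            if port.isdigit() and int(port) < 1024:
                problems.append(f"[{name}] port {port} cannot be re-bound as {user}")
    return problems

if __name__ == "__main__":
    for p in reload_obstacles("/etc/stunnel/stunnel.conf", SAMPLE_CONF):
        print(p)
```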



