Temporarily drop permissions
See "suid demystified" paper. We drop permissions, but keep a
saved UID. Then we restore permissions while binding to sockets.
This lets us run as an unprivileged user, but still bind to privileged
ports.
TO DO: add '-u user -g group -R chroot' to command-line options,
and switch UIDs *immediately* on start. This minimizes the amount
of code that runs as root.
TO DO: move suidup/down calls to wrap the bind() calls, and the BINDTODEVICE
calls, to even further minimize the code.
projects / freeradius.git / commit