Tidy up DESIGN. It was hopelessly out of date.

This commit is contained in:
Nicholas J. Kain 2011-05-01 21:05:39 -04:00
parent 59beb159d3
commit 03f0e8719e

21
DESIGN
View File

@ -36,35 +36,28 @@ Goals:
instead the program should promptly exit. Dead programs instead the program should promptly exit. Dead programs
don't cause exploits. don't cause exploits.
5. Portability 3. Portability
a. Portability is good, but portability may not be as wide as a. Portability is good, but portability may not be as wide as
a less secure program. Capabilities or MAC are not well a less secure program. Capabilities or MAC are not well
standardized, but remain necessary features. standardized, but remain necessary features.
b. Aside from the previous caveat, try to be as portable as 4. Miscellaneous
possible. At the very least, the dhcp client daemon
should be easily portable (only broadcast and perhaps RAW
packets are necessary).
98. Speed a. Speed: If we aren't required to sacrifice anything more
a. If we aren't required to sacrifice anything more
important, it's always good to be fast. important, it's always good to be fast.
99. Size a. Size: If we aren't required to sacrifice anything more
a. If we aren't required to sacrifice anything more
important, it's always good to be frugal. important, it's always good to be frugal.
Layout: Layout:
ndhc daemon (root -> chroot -> drop all !(CAP_NET_BROADCAST|CAP_NET_RAW) ndhc daemon (root -> chroot -> drop all !(CAP_NET_BROADCAST|CAP_NET_RAW)
-> nopriv) -> nopriv)
* handles dhcp protocol issues * handles dhcp protocol issues, netlink hw link notifications, and ARP checks
* keeps track of leases * keeps track of leases
* talks to ndhif to perform tasks that require * talks to ifchd to perform tasks that require
higher privileges than CAP_NET_BROADCAST or CAP_NET_RAW higher privileges than CAP_NET_BROADCAST or CAP_NET_RAW
ifchd daemon (root -> openfd -> chroot -> drop all !CAP_NET_ADMIN -> nopriv) ifchd daemon (root -> openfd -> chroot -> drop all !CAP_NET_ADMIN -> nopriv)