mdw@git.distorted.org.uk Git - tripe/blob - priv/tripe-privhelper.8.in

   1 .\" -*-nroff-*-
   2 .\".
   3 .\" Manual for the server
   4 .\"
   5 .\" (c) 2008 Straylight/Edgeware
   6 .\"
   7 .
   8 .\"----- Licensing notice ---------------------------------------------------
   9 .\"
  10 .\" This file is part of Trivial IP Encryption (TrIPE).
  11 .\"
  12 .\" TrIPE is free software: you can redistribute it and/or modify it under
  13 .\" the terms of the GNU General Public License as published by the Free
  14 .\" Software Foundation; either version 3 of the License, or (at your
  15 .\" option) any later version.
  16 .\"
  17 .\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
  18 .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  19 .\" FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  20 .\" for more details.
  21 .\"
  22 .\" You should have received a copy of the GNU General Public License
  23 .\" along with TrIPE.  If not, see <https://www.gnu.org/licenses/>.
  24 .
  25 .\"--------------------------------------------------------------------------
  26 .so ../common/defs.man \" @@@PRE@@@
  27 .
  28 .\"--------------------------------------------------------------------------
  29 .TH tripe-privhelper 8tripe "28 April 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
  30 .
  31 .\"--------------------------------------------------------------------------
  32 .SH "NAME"
  33 .
  34 tripe-privhelper \- privilege-separation helper program
  35 .
  36 .\"--------------------------------------------------------------------------
  37 .SH "SYNOPSIS"
  38 .
  39 This program communicates using a binary protocol over a Unix-domain
  40 socket on file descriptor 0.  It is not intended to be run
  41 interactively.
  42 .
  43 .\"--------------------------------------------------------------------------
  44 .SH "DESCRIPTION"
  45 .
  46 The
  47 .BR tripe (8)
  48 server usually needs superuser privileges in order to open new tunnel
  49 devices, through which it collects and emits network packets.  In order
  50 to prevent the whole system needing to be run as root, the server splits
  51 off a child process and then drops its privileges; the child process
  52 runs this program.
  53 .PP
  54 The
  55 .B tripe-privhelper
  56 program reads requests for tunnel devices on file descriptor 0 and
  57 responds with appropriate file descriptors (using Unix-domain socket
  58 file descriptor passing: see
  59 .BR unix (7))
  60 for correctly configured tunnel devices.
  61 .
  62 .\"--------------------------------------------------------------------------
  63 .SH "BUGS"
  64 .
  65 The objective of the privilege separation model is to reduce the attack
  66 surface for the code running with superuser privileges down to a simple
  67 binary protocol.  There may still be bugs in the small program which
  68 runs as root.
  69 .PP
  70 The `unprivileged' portion of the server still runs with the ability to
  71 read and write arbitrary data on tunnel devices.  In particular, if
  72 compromised, it can inject arbitrary packets into the network.  This is
  73 unfortunately inherent in the nature of a VPN server.
  74 .
  75 .\"--------------------------------------------------------------------------
  76 .SH "SEE ALSO"
  77 .
  78 .BR tripe (8).
  79 .PP
  80 .IR "The Trivial IP Encryption Protocol" ,
  81 .IR "The Wrestlers Protocol" .
  82 .
  83 .\"--------------------------------------------------------------------------
  84 .SH "AUTHOR"
  85 .
  86 Mark Wooding, <mdw@distorted.org.uk>
  87 .
  88 .\"----- That's all, folks --------------------------------------------------