X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/6ebbf072683ac7ea09a0aaafa0bb12fc0678d068..388e0319a0faf48193658c82228133bd1ea24eb6:/priv/tripe-privhelper.8.in
diff --git a/priv/tripe-privhelper.8.in b/priv/tripe-privhelper.8.in
new file mode 100644
index 00000000..ea4a43fd
--- /dev/null
+++ b/priv/tripe-privhelper.8.in
@@ -0,0 +1,89 @@
+.\" -*-nroff-*-
+.\".
+.\" Manual for the server
+.\"
+.\" (c) 2008 Straylight/Edgeware
+.\"
+.
+.\"----- Licensing notice ---------------------------------------------------
+.\"
+.\" This file is part of Trivial IP Encryption (TrIPE).
+.\"
+.\" TrIPE is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 2 of the License, or
+.\" (at your option) any later version.
+.\"
+.\" TrIPE is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with TrIPE; if not, write to the Free Software Foundation,
+.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+.
+.\"--------------------------------------------------------------------------
+.so ../defs.man.in \" @@@PRE@@@
+.
+.\"--------------------------------------------------------------------------
+.TH tripe-privhelper 8 "28 April 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
+.
+.\"--------------------------------------------------------------------------
+.SH "NAME"
+.
+tripe-privhelper \- privilege-separation helper program
+.
+.\"--------------------------------------------------------------------------
+.SH "SYNOPSIS"
+.
+This program communicates using a binary protocol over a Unix-domain
+socket on file descriptor 0. It is not intended to be run
+interactively.
+.
+.\"--------------------------------------------------------------------------
+.SH "DESCRIPTION"
+.
+The
+.BR tripe (8)
+server usually needs superuser privileges in order to open new tunnel
+devices, through which it collects and emits network packets. In order
+to prevent the whole system needing to be run as root, the server splits
+off a child process and then drops its privileges; the child process
+runs this program.
+.PP
+The
+.B tripe-privhelper
+program reads requests for tunnel devices on file descriptor 0 and
+responds with appropriate file descriptors (using Unix-domain socket
+file descriptor passing: see
+.BR unix (7))
+for correctly configured tunnel devices.
+.
+.\"--------------------------------------------------------------------------
+.SH "BUGS"
+.
+The objective of the privilege separation model is to reduce the attack
+surface for the code running with superuser privileges down to a simple
+binary protocol. There may still be bugs in the small program which
+runs as root.
+.PP
+The `unprivileged' portion of the server still runs with the ability to
+read and write arbitrary data on tunnel devices. In particular, if
+compromised, it can inject arbitrary packets into the network. This is
+unfortunately inherent in the nature of a VPN server.
+.
+.\"--------------------------------------------------------------------------
+.SH "SEE ALSO"
+.
+.BR tripe (8).
+.PP
+.IR "The Trivial IP Encryption Protocol" ,
+.IR "The Wrestlers Protocol" .
+.
+.\"--------------------------------------------------------------------------
+.SH "AUTHOR"
+.
+Mark Wooding,
+.
+.\"----- That's all, folks --------------------------------------------------