[tripe] / priv / tripe-privhelper.8.in

.\" -*-nroff-*-
.\".
.\" Manual for the server
.\"
.\" (c) 2008 Straylight/Edgeware
.\"
.
.\"----- Licensing notice ---------------------------------------------------
.\"
.\" This file is part of Trivial IP Encryption (TrIPE).
.\"
.\" TrIPE is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\"
.\" TrIPE is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with TrIPE; if not, write to the Free Software Foundation,
.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
.
.\"--------------------------------------------------------------------------
.so ../common/defs.man \" @@@PRE@@@
.
.\"--------------------------------------------------------------------------
.TH tripe-privhelper 8 "28 April 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
.
tripe-privhelper \- privilege-separation helper program
.
.\"--------------------------------------------------------------------------
.SH "SYNOPSIS"
.
This program communicates using a binary protocol over a Unix-domain
socket on file descriptor 0.  It is not intended to be run
interactively.
.
.\"--------------------------------------------------------------------------
.SH "DESCRIPTION"
.
The
.BR tripe (8)
server usually needs superuser privileges in order to open new tunnel
devices, through which it collects and emits network packets.  In order
to prevent the whole system needing to be run as root, the server splits
off a child process and then drops its privileges; the child process
runs this program.
.PP
The
.B tripe-privhelper
program reads requests for tunnel devices on file descriptor 0 and
responds with appropriate file descriptors (using Unix-domain socket
file descriptor passing: see
.BR unix (7))
for correctly configured tunnel devices.
.
.\"--------------------------------------------------------------------------
.SH "BUGS"
.
The objective of the privilege separation model is to reduce the attack
surface for the code running with superuser privileges down to a simple
binary protocol.  There may still be bugs in the small program which
runs as root.
.PP
The `unprivileged' portion of the server still runs with the ability to
read and write arbitrary data on tunnel devices.  In particular, if
compromised, it can inject arbitrary packets into the network.  This is
unfortunately inherent in the nature of a VPN server.
.
.\"--------------------------------------------------------------------------
.SH "SEE ALSO"
.
.BR tripe (8).
.PP
.IR "The Trivial IP Encryption Protocol" ,
.IR "The Wrestlers Protocol" .
.
.\"--------------------------------------------------------------------------
.SH "AUTHOR"
.
Mark Wooding, <mdw@distorted.org.uk>
.
.\"----- That's all, folks --------------------------------------------------
Commit	Line	Data
388e0319 MW	1	.\" --nroff--
	2	.\".
	3	.\" Manual for the server
	4	.\"
	5	.\" (c) 2008 Straylight/Edgeware
	6	.\"
	7	.
	8	.\"----- Licensing notice ---------------------------------------------------
	9	.\"
	10	.\" This file is part of Trivial IP Encryption (TrIPE).
	11	.\"
	12	.\" TrIPE is free software; you can redistribute it and/or modify
	13	.\" it under the terms of the GNU General Public License as published by
	14	.\" the Free Software Foundation; either version 2 of the License, or
	15	.\" (at your option) any later version.
	16	.\"
	17	.\" TrIPE is distributed in the hope that it will be useful,
	18	.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	.\" GNU General Public License for more details.
	21	.\"
	22	.\" You should have received a copy of the GNU General Public License
	23	.\" along with TrIPE; if not, write to the Free Software Foundation,
	24	.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25	.
	26	.\"--------------------------------------------------------------------------
e99aedcf	27	.so ../common/defs.man \" @@@PRE@@@
388e0319 MW	28	.
	29	.\"--------------------------------------------------------------------------
	30	.TH tripe-privhelper 8 "28 April 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
	31	.
	32	.\"--------------------------------------------------------------------------
	33	.SH "NAME"
	34	.
	35	tripe-privhelper \- privilege-separation helper program
	36	.
	37	.\"--------------------------------------------------------------------------
	38	.SH "SYNOPSIS"
	39	.
	40	This program communicates using a binary protocol over a Unix-domain
	41	socket on file descriptor 0. It is not intended to be run
	42	interactively.
	43	.
	44	.\"--------------------------------------------------------------------------
	45	.SH "DESCRIPTION"
	46	.
	47	The
	48	.BR tripe (8)
	49	server usually needs superuser privileges in order to open new tunnel
	50	devices, through which it collects and emits network packets. In order
	51	to prevent the whole system needing to be run as root, the server splits
	52	off a child process and then drops its privileges; the child process
	53	runs this program.
	54	.PP
	55	The
	56	.B tripe-privhelper
	57	program reads requests for tunnel devices on file descriptor 0 and
	58	responds with appropriate file descriptors (using Unix-domain socket
	59	file descriptor passing: see
	60	.BR unix (7))
	61	for correctly configured tunnel devices.
	62	.
	63	.\"--------------------------------------------------------------------------
	64	.SH "BUGS"
	65	.
	66	The objective of the privilege separation model is to reduce the attack
	67	surface for the code running with superuser privileges down to a simple
	68	binary protocol. There may still be bugs in the small program which
	69	runs as root.
	70	.PP
	71	The `unprivileged' portion of the server still runs with the ability to
	72	read and write arbitrary data on tunnel devices. In particular, if
	73	compromised, it can inject arbitrary packets into the network. This is
	74	unfortunately inherent in the nature of a VPN server.
	75	.
	76	.\"--------------------------------------------------------------------------
	77	.SH "SEE ALSO"
	78	.
	79	.BR tripe (8).
	80	.PP
	81	.IR "The Trivial IP Encryption Protocol" ,
	82	.IR "The Wrestlers Protocol" .
	83	.
	84	.\"--------------------------------------------------------------------------
	85	.SH "AUTHOR"
	86	.
	87	Mark Wooding, <mdw@distorted.org.uk>
	88	.
	89	.\"----- That's all, folks --------------------------------------------------