| 1 | .\" -*-nroff-*- |
| 2 | .\". |
| 3 | .\" Manual for the server |
| 4 | .\" |
| 5 | .\" (c) 2008 Straylight/Edgeware |
| 6 | .\" |
| 7 | . |
| 8 | .\"----- Licensing notice --------------------------------------------------- |
| 9 | .\" |
| 10 | .\" This file is part of Trivial IP Encryption (TrIPE). |
| 11 | .\" |
| 12 | .\" TrIPE is free software; you can redistribute it and/or modify |
| 13 | .\" it under the terms of the GNU General Public License as published by |
| 14 | .\" the Free Software Foundation; either version 2 of the License, or |
| 15 | .\" (at your option) any later version. |
| 16 | .\" |
| 17 | .\" TrIPE is distributed in the hope that it will be useful, |
| 18 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 20 | .\" GNU General Public License for more details. |
| 21 | .\" |
| 22 | .\" You should have received a copy of the GNU General Public License |
| 23 | .\" along with TrIPE; if not, write to the Free Software Foundation, |
| 24 | .\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 25 | . |
| 26 | .\"-------------------------------------------------------------------------- |
| 27 | .so ../common/defs.man \" @@@PRE@@@ |
| 28 | . |
| 29 | .\"-------------------------------------------------------------------------- |
| 30 | .TH tripe-privhelper 8 "28 April 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption" |
| 31 | . |
| 32 | .\"-------------------------------------------------------------------------- |
| 33 | .SH "NAME" |
| 34 | . |
| 35 | tripe-privhelper \- privilege-separation helper program |
| 36 | . |
| 37 | .\"-------------------------------------------------------------------------- |
| 38 | .SH "SYNOPSIS" |
| 39 | . |
| 40 | This program communicates using a binary protocol over a Unix-domain |
| 41 | socket on file descriptor 0. It is not intended to be run |
| 42 | interactively. |
| 43 | . |
| 44 | .\"-------------------------------------------------------------------------- |
| 45 | .SH "DESCRIPTION" |
| 46 | . |
| 47 | The |
| 48 | .BR tripe (8) |
| 49 | server usually needs superuser privileges in order to open new tunnel |
| 50 | devices, through which it collects and emits network packets. In order |
| 51 | to prevent the whole system needing to be run as root, the server splits |
| 52 | off a child process and then drops its privileges; the child process |
| 53 | runs this program. |
| 54 | .PP |
| 55 | The |
| 56 | .B tripe-privhelper |
| 57 | program reads requests for tunnel devices on file descriptor 0 and |
| 58 | responds with appropriate file descriptors (using Unix-domain socket |
| 59 | file descriptor passing: see |
| 60 | .BR unix (7)) |
| 61 | for correctly configured tunnel devices. |
| 62 | . |
| 63 | .\"-------------------------------------------------------------------------- |
| 64 | .SH "BUGS" |
| 65 | . |
| 66 | The objective of the privilege separation model is to reduce the attack |
| 67 | surface for the code running with superuser privileges down to a simple |
| 68 | binary protocol. There may still be bugs in the small program which |
| 69 | runs as root. |
| 70 | .PP |
| 71 | The `unprivileged' portion of the server still runs with the ability to |
| 72 | read and write arbitrary data on tunnel devices. In particular, if |
| 73 | compromised, it can inject arbitrary packets into the network. This is |
| 74 | unfortunately inherent in the nature of a VPN server. |
| 75 | . |
| 76 | .\"-------------------------------------------------------------------------- |
| 77 | .SH "SEE ALSO" |
| 78 | . |
| 79 | .BR tripe (8). |
| 80 | .PP |
| 81 | .IR "The Trivial IP Encryption Protocol" , |
| 82 | .IR "The Wrestlers Protocol" . |
| 83 | . |
| 84 | .\"-------------------------------------------------------------------------- |
| 85 | .SH "AUTHOR" |
| 86 | . |
| 87 | Mark Wooding, <mdw@distorted.org.uk> |
| 88 | . |
| 89 | .\"----- That's all, folks -------------------------------------------------- |