Back to Security Pattern Catalog
Secure Resource Pooling
: Core Security, Elevation of Privilege
The consequences of security compromise are worse for daemon processes because they have a long lifetime.
How can the vulnerability associated with daemon processes be minimized?
Limit the lifetime of daemon processes and fork them again after a configurable, short lifetime. Limit the number of requests handled by the daemon processes. Run the daemons in a contained environment to minimize the exploits.
Resource Pooling in Apache Server and Postfix.
Protected System, Security Association
Hafiz et. al.
Resource Pooling, Pre-forking, Daemon Process
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz