



Secure Resource Pooling


Classification Key: Core Security, Elevation of Privilege

Problem

The consequences of a security compromise are worse for daemon processes because they have a long lifetime. How can the vulnerability associated with daemon processes be minimized?

Solution

Limit the lifetime of daemon processes and fork them again after a short, configurable lifetime. Limit the number of requests each daemon process handles. Run the daemons in a contained environment to minimize the impact of exploits.
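A sketch of the recycling loop described above, added here as an illustration and not taken from the pattern's source, Apache or Postfix. It runs one worker at a time for clarity; the budgets, the `handle` function and the `drop_to` uid/gid parameter are assumptions.

```python
import os
import time

MAX_REQUESTS = 3    # assumed per-worker request budget
MAX_LIFETIME = 2.0  # assumed per-worker lifetime, in seconds


def handle(request):
    """Hypothetical handler; a real daemon parses untrusted input here."""
    return request.upper()


def worker(requests, out_fd, drop_to):
    """Child: serve until either budget is spent, then exit for good."""
    try:
        if drop_to is not None:  # containment: shed root before reading input
            os.setgroups([])
            os.setgid(drop_to)
            os.setuid(drop_to)
        deadline = time.monotonic() + MAX_LIFETIME
        for req in requests[:MAX_REQUESTS]:
            if time.monotonic() >= deadline:
                break
            os.write(out_fd, handle(req) + b"\n")
    finally:
        os._exit(0)  # never fall back into the parent's code path


def serve(queue, drop_to=None):
    """Parent: fork a fresh worker each time the previous one retires.

    Returns (responses, requests served by each worker)."""
    responses, per_worker, pending = [], [], list(queue)
    while pending:
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:
            os.close(r)
            worker(pending, w, drop_to)
        os.close(w)
        with os.fdopen(r, "rb") as pipe:
            got = pipe.read().splitlines()
        os.waitpid(pid, 0)
        if not got:  # worker died before serving anything: stop, do not spin
            raise RuntimeError("worker served no requests")
        responses += got
        per_worker.append(len(got))
        pending = pending[len(got):]
    return responses, per_worker
```

Because every worker exits after its budget, any state an attacker corrupts in one worker is discarded with that process, and the parent never parses request data itself.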

Known Uses

Resource Pooling in Apache Server and Postfix.

Related Patterns

Protected System, Security Association

Source

Hafiz et al.

Tags

Resource Pooling, Pre-forking, Daemon Process


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz