Back to Security Pattern Catalog

Secure Resource Pooling

Classification Key : Core Security, Elevation of Privilege


The consequences of security compromise are worse for daemon processes because they have a long lifetime. How can the vulnerability associated with daemon processes be minimized?


Limit the lifetime of daemon processes and fork them again after a configurable, short lifetime. Limit the number of requests handled by the daemon processes. Run the daemons in a contained environment to minimize the exploits.

Known Uses

Resource Pooling in Apache Server and Postfix.

Related Patterns

Protected System, Security Association


Hafiz et. al.


Resource Pooling, Pre-forking, Daemon Process


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz