> There are more ways for a potential attacker to get at the server. So, Rocket at least looks like they're trying to shrink the attack surface.
hm.. I don't think that's a given at all! There's been many issues with setuid-root programs. And I've seen that the OpenBSD guys favor privilege separation by breaking up daemons into several parts that communicate using a very strict set of commands. For example a dockerd that does most of the work, but talks to another daemon (dockerd-root) when it needs to do anything privileged.
OpenSMTPD example: https://www.opensmtpd.org/presentations/asiabsdcon2013-smtpd...
OpenSSH: Initial effort, 2002: http://www.citi.umich.edu/u/provos/ssh/privsep.html
http://www.openbsd.org/papers/openssh-measures-asiabsdcon200... - Page 16 ->
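The split the comment describes, an unprivileged worker that can only ask a privileged broker for a fixed vocabulary of operations, as an added example (not code from the thread, OpenSSH or OpenSMTPD). The broker picks every path itself, caps request size, refuses anything outside its two accepted shapes, and hands results back as file descriptors over a Unix socket the way OpenSSH's monitor does. Names, the log directory and the "open_log" command are assumptions of this example; a real daemon would fork the worker and drop its privileges rather than run both ends in one process.

```python
import json
import os
import socket
import tempfile

LOG_DIR = tempfile.gettempdir()                  # assumption; a real broker would use /var/log
MAX_REQUEST = 256                                # hard cap on a request, in bytes
ALLOWED_LOGS = {"daemon": "example-daemon.log"}  # worker names a log, never a path

def handle_request(raw: bytes) -> tuple[dict, list[int]]:
    """Privileged side: validate strictly, return (reply, descriptors to pass)."""
    if len(raw) > MAX_REQUEST:
        return {"ok": False, "err": "request too large"}, []
    try:
        req = json.loads(raw)
    except ValueError:
        return {"ok": False, "err": "malformed"}, []
    # Only one command exists, and its argument must match the allowlist exactly.
    if isinstance(req, dict) and req.get("cmd") == "open_log" and req.get("name") in ALLOWED_LOGS:
        path = os.path.join(LOG_DIR, ALLOWED_LOGS[req["name"]])
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        return {"ok": True}, [fd]
    return {"ok": False, "err": "refused"}, []

def serve_one(conn: socket.socket) -> None:
    """Broker loop body: one request in, one reply (plus any descriptors) out."""
    raw = conn.recv(MAX_REQUEST + 1)
    reply, fds = handle_request(raw)
    payload = json.dumps(reply).encode()
    if fds:
        socket.send_fds(conn, [payload], fds)   # SCM_RIGHTS, like OpenSSH's monitor
    else:
        conn.sendall(payload)
    for fd in fds:
        os.close(fd)                            # broker keeps no copy of what it handed over

def exchange(raw_request: bytes) -> tuple[dict, list[int]]:
    """Worker side over a socketpair; both ends run here for demonstration only."""
    broker, worker = socket.socketpair()
    try:
        worker.sendall(raw_request)
        serve_one(broker)
        data, fds, _flags, _addr = socket.recv_fds(worker, MAX_REQUEST, 4)
        return json.loads(data), fds
    finally:
        broker.close()
        worker.close()
```

The worker ends up holding an open descriptor to a file it could not name itself, while any request outside the vocabulary (a path instead of a log name, an unknown command, a malformed or oversized message) gets a refusal and nothing else.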