Main daemon should not be run as root (app.py) #48

Open
belavina opened this issue Mar 7, 2019 · 1 comment

belavina commented Mar 7, 2019

At the moment app.py is run as root due to snmp port binding to :161. This is a major security vulnerability (app is open to script injection etc.).

ctyler commented Mar 7, 2019

Traditional approach to this would be to start as root, open the port, and then drop root privilege. Example in Python: http://antonym.org/2005/12/dropping-privileges-in-python.html -- but you also need os.setgroups([]) to ensure that you don't have elevated privilege due to group membership.

However, a more advanced approach is to use capabilities(7) (see: "man 7 capabilities") which provides finer-grained privilege control than the traditional all/nothing approach -- see capsh(1), filecap(8), and setcap(8) for file-based capability setting (set maximum capabilities for an executable file), or the Python deescalate module (https://pypi.org/project/deescalate/) for code-based capability dropping. Using file-based cap setting to restrict privilege to just CAP_NET_BIND_SERVICE and then dropping that privilege after the port was open would probably be ideal (though I'm not sure how file capabilities apply to interpreted languages (?)).
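
The bind-then-drop sequence described in the comment above, as an added example that is not code from this project or from either commenter. The function names, the `nobody` service account and the `osmod` parameter (present only so the call order can be checked without root) are assumptions.

```python
import os
import pwd
import socket


def open_udp_socket(host="0.0.0.0", port=161):
    """Bind the privileged SNMP port (UDP 161) while the process is still root."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock


def drop_privileges(uid, gid, osmod=os):
    """Permanently switch from root to uid/gid.

    Returns False when the process is not root (nothing to drop) and True
    once the drop has been verified. osmod is a hypothetical test hook.
    """
    if uid == 0 or gid == 0:
        raise ValueError("target uid/gid must not be root")
    if osmod.getuid() != 0:
        return False
    osmod.setgroups([])   # clear supplementary groups inherited from root
    osmod.setgid(gid)     # group first: setgid() fails once the UID is dropped
    osmod.setuid(uid)     # as root this sets real, effective and saved UID
    osmod.umask(0o077)    # files created from here on are owner-only
    # Verify the drop cannot be undone: regaining root has to fail.
    try:
        osmod.setuid(0)
    except OSError:
        return True
    raise RuntimeError("setuid(0) succeeded, privileges were not dropped")


def main():
    account = pwd.getpwnam("nobody")   # assumed unprivileged service account
    sock = open_udp_socket()           # needs root (or CAP_NET_BIND_SERVICE)
    dropped = drop_privileges(account.pw_uid, account.pw_gid)
    # The bound socket stays usable after the drop; only the bind needed root.
    print("listening on", sock.getsockname(), "privileges dropped:", dropped)
    sock.close()


if __name__ == "__main__":
    main()
```

Anything the daemon opens before `drop_privileges()` (log files, sockets) keeps the access it was opened with, so only the port bind should happen before the call.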
