Summary


 
Network Programming with Perl
By Lincoln D. Stein
Chapter 14. Bulletproofing Servers


Because network daemons are intended to run in an unattended fashion for long periods of time, it's worth investing a little extra time to make the code bullet-proof. This chapter presented some of the common techniques for increasing the stability, manageability, and security of network daemons.

Logging, whether directly to a file or to a standard logging daemon, allows you to monitor the status of the daemon and to detect exceptional conditions.

Privilege manipulation enables daemons to perform certain startup and shutdown tasks as privileged users, but to abandon those privileges before interacting with untrusted network clients. This avoids the daemon's inadvertently damaging the host (whether on its own or encouraged by a hostile attacker).

Taint checking activates a mode in which the script checks for common unsafe operations, such as passing untrusted data from the network to an external command. This closes the most common security hole in Perl-based network servers.
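
The following is an added example, not code from the book, showing the taint-checking behaviour summarized above: data read from a socket is tainted, Perl refuses to hand it to an external command, and a validating regex capture is what clears it. The `socketpair` stand-in for a client connection, the `clean_host` helper, and the two sample requests are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the book). Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Socket;
use IO::Handle;
use Scalar::Util qw(tainted);

STDOUT->autoflush(1);

# Taint mode refuses to run external commands with an inherited environment.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: accept only a plain host name.
# The capture group is what untaints the value.
sub clean_host {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?)\z/ ? $1 : undef;
}

# Stand-in for a network connection, so the data really arrives via a socket read.
socketpair(my $client, my $server, AF_UNIX, SOCK_STREAM, PF_UNSPEC)
    or die "socketpair: $!";
$client->autoflush(1);

# Constructed sample requests: one well-formed, one carrying shell metacharacters.
print {$client} "www.example.com\n", "example.com; cat /etc/passwd\n";
close $client;

while (my $line = <$server>) {
    chomp $line;
    printf "received %-32s tainted=%s\n", "'$line'", tainted($line) ? 'yes' : 'no';

    # Handing the raw value to a command is fatal under -T, even in list form.
    my $ok = eval { system('/bin/echo', 'raw:', $line); 1 };
    print "  raw value refused: $@" unless $ok;

    my $host = clean_host($line);
    if (defined $host) {
        # List-form system() bypasses the shell; $host is now untainted.
        system('/bin/echo', '  would look up', $host) == 0
            or warn "echo failed: $?";
    } else {
        print "  rejected: not a valid host name\n";
    }
}
```

Untainting only records that the value matched the pattern, so the pattern has to be strict enough for whatever command receives the value.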

The chroot() call seals the server into a subdirectory, insulating it from the rest of the filesystem. This helps to harden servers that manipulate files.

Finally, one often needs some way to reconfigure a running server. For servers that run from configuration files, the most common technique is to send the server an HUP signal. The chapter closed with an example of how to handle HUP in a forking server by the simple expedient of relaunching it.


   
ISBN: 0201615711
EAN: 2147483647
Year: 2000
Pages: 173
