DragonFly kernel List (threaded) for 2003-09
Re: Anybody working on removing sendmail from base?
I think we should narrow the discussion some and talk about variant
symlinks a bit more. The issue is where to store the variables
and how to deal with security (aka suid and sgid programs).

Consider that, right now, we are using shell and program wrappers
for lots of things. These wrappers really obfuscate what is actually
being run rather than clarify it. For example, take 'mailq'. Anyone
care to try to find what 'mailq' actually runs without drawing upon your
preexisting knowledge of sendmail?

A variant symlink, on the other hand, would clarify it. /usr/bin/mailq
would become a variant symlink to something like ${mtabase}/bin/mailq
which itself might be a hardlink or softlink to "sendmail". Other
programs would operate the same way.

So, to begin this discussion let's consider how 'mtabase' is dealt with
in the kernel? I'll throw out a possibility:

    * 'varsym' structure represents variable, 'varsymlist' structure
      represents variable set.
    * Master varsymlist which is system-wide
    * Embed varsymlist in jail
    * Embed varsymlist in struct uidinfo (see sys/resourcevar.h)
    * Embed varsymlist in struct proc (for local adjustments)
    * Make uidinfo per-jail as well as per-uid.
    * Resource limit to limit max kernel memory used for a varsymlist
      variable set.
    * Utilities and system calls to modify varsymlist system-wide,
      in jail, for uid in jail, or locally (in proc).

SUID/SGID operation:

    * on exec new program does NOT inherit varsymlist from parent
      process.
    * SGID programs do not inherit varsymlist from uidinfo.

UTILITIES:

    * setvarsym, delvarsym, showvarsym, default to local varsym with
      options to modify system-wide (true root only), jail (pseudo
      root only), or user/uid (root or that user only) copy.

Am I missing anything?
-Matt
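
A userland C model of the lookup proposed in the message above, added here as an illustration; it is not code from the post or from DragonFly. It shows why a set-id program has to ignore the variable sets its invoker controls when `${mtabase}/bin/mailq` is resolved. Assumptions: the precedence proc, uid, jail, system; the flag and function names (`X_SUID`, `X_SGID`, `lookup`, `vs_expand`); the sample paths; and reading the first SUID/SGID bullet as applying to set-id execs.

```c
#include <stdio.h>
#include <string.h>
struct varsym { const char *name, *value; };
struct varsymlist { const struct varsym *v; int n; };
enum { X_SUID = 1, X_SGID = 2 };               /* hypothetical exec flags */
enum { S_PROC, S_UID, S_JAIL, S_SYS, S_MAX };  /* assumed lookup order */
static const struct varsym procv[] = {{"mtabase", "/home/u/mta"}};  /* constructed */
static const struct varsym uidv[]  = {{"mtabase", "/usr/local/postfix"}};
static const struct varsym sysv[]  = {{"mtabase", "/usr/mta/sendmail"}};
static const struct varsymlist scope[S_MAX] = {{procv, 1}, {uidv, 1}, {NULL, 0}, {sysv, 1}};

static const char *lookup(const char *s, size_t len, int xf) {
    for (int sc = 0; sc < S_MAX; sc++) {
        if (sc == S_PROC && (xf & (X_SUID | X_SGID))) continue; /* set-id: drop inherited set */
        if (sc == S_UID && (xf & X_SGID)) continue;             /* SGID: drop uidinfo set */
        for (int i = 0; i < scope[sc].n; i++) {
            const struct varsym *v = &scope[sc].v[i];
            if (strlen(v->name) == len && !memcmp(v->name, s, len)) return v->value;
        }
    }
    return NULL;
}

/* Expand ${name} in a link target; -1 on unset name, bad syntax or overflow. */
int vs_expand(const char *t, int xf, char *out, size_t sz) {
    const char *val, *end;
    size_t o = 0, n;
    for (; *t; t = end + 1, o += n) {
        val = end = t;                 /* default: copy one literal byte */
        n = 1;
        if (t[0] == '$' && t[1] == '{') {
            if (!(end = strchr(t + 2, '}'))) return -1;
            if (!(val = lookup(t + 2, (size_t)(end - t - 2), xf))) return -1;
            n = strlen(val);
        }
        if (o + n >= sz) return -1;
        memcpy(out + o, val, n);
    }
    if (o >= sz) return -1;            /* only reachable when sz == 0 */
    out[o] = '\0';
    return 0;
}

int main(void) {                       /* resolves for no flag, SUID, SGID */
    char p[128];
    for (int xf = 0; xf <= X_SGID; xf++)
        if (!vs_expand("${mtabase}/bin/mailq", xf, p, sizeof p)) puts(p);
    return 0;
}
```

An unset variable makes the expansion fail rather than fall through to a partial path, so a stripped scope cannot turn `${mtabase}/bin/mailq` into `/bin/mailq`.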