DragonFly kernel List (threaded) for 2008-06
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
Re: GSoC 2008 dma enhancements
Steve O'Hara-Smith wrote:
On Tue, 3 Jun 2008 00:27:10 +0200
"Max Lindner" <gisanka@googlemail.com> wrote:
In order to read a users .forward file, the dma-process must be run as
root, so it must be set setuid root. This would solve the problem
which I read at the mailinglist the last week, where it was not
possible to write a mail from non-root to non-root ootb.
There was an earlier thread (subject line: "dma user config" around
early February) in which Matt was advocating using a daemon started by root
(rather than setuid) which takes care of the local delivery by forking and
switching to the recipient user. The main point being that a setuid process
is a mechanism by which privileges are increased in an environment
under control of the user while a root started process is one that reduces
privileges and is in an environment which can only be controlled by root.
To add my ¢2, my original design tried to avoid a daemon process, and I
still believe this is the right way. I'd like to see a setuid binary.
This has to be coded *very* carefully though. I'd do something like fork
instantly in main, drop privileges in the parent, have the child listen on
a pipe. Do all processing in the parent, request some open files from the
parent, which then get passed through the pipe (I seem to remember that it
is possible to pass fds, I think I read it in APUE).
cheers
simon
--
Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\
Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ /
Party Enjoy Relax | http://dragonflybsd.org Against HTML \
Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]