Re: GSoC 2008 dma enhancements

["Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>]

Steve O'Hara-Smith wrote:
> On Tue, 3 Jun 2008 00:27:10 +0200
> "Max Lindner" <gisanka@googlemail.com> wrote:
>
> > In order to read a users .forward file, the dma-process must be run as
> > root, so it must be set setuid root. This would solve the problem
> > which I read at the mailinglist the last week, where it was not
> > possible to write a mail from non-root to non-root ootb.
>
> 	There was an earlier thread (subject line: "dma user config" around
> early February) in which Matt was advocating using a daemon started by root
> (rather than setuid) which takes care of the local delivery by forking and
> switching to the recipient user. The main point being that a setuid process
> is a mechanism by which privileges are increased in an environment
> under control of the user while a root started process is one that reduces
> privileges and is in an environment which can only be controlled by root.

To add my ¢2, my original design tried to avoid a daemon process, and I 
still believe this is the right way.  I'd like to see a setuid binary. 
This has to be coded *very* carefully though.  I'd do something like fork 
instantly in main, drop privileges in the parent, have the child listen on 
a pipe.  Do all processing in the parent, request some open files from the 
parent, which then get passed through the pipe (I seem to remember that it 
is possible to pass fds, I think I read it in APUE).

cheers
  simon

--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \