DragonFly kernel List (threaded) for 2008-06
DragonFly BSD

Re: GSoC 2008 dma enhancements


From: strangepics <strangepics@xxxxxxxxx>
Date: Wed, 11 Jun 2008 17:36:25 -0400

Dan M wrote:
On Tue, Jun 10, 2008 at 7:27 AM, Max Lindner <gisanka@googlemail.com> wrote:
Hi out there!

Seems that the general tenor goes to a separate utility/helper
application with suid-bit set which takes over the steps where
root-access is compulsory. I will take a look at qmail which seems to
have a similar design (as I read in the other dma thread which came up
last week).

The only qmail program that runs setuid is qmail-queue. All critical programs run under separate user/group ids.

qmail-local - the program that delivers into a user's mailbox runs as root.

In short qmail does as little as possible as root, all qmail programs
do not trust each other.
http://cr.yp.to/qmail/guarantee.html

Here are the diagrams of how things work:
http://www.axz.de/qmail/pix/index.html


I forgot to mention that it would be worth researching (reading docs and man pages) and installing and running it to really understand the beautiful design.

Also, for this, or any other service where security counts, I would highly recommend using a safe, easy-to-use string library such as the one included in libowfat: http://www.fefe.de/libowfat/

The standard C string functions, as history continues to prove to us (and we continue to ignore it), SUCK for writing secure software. You don't want to end up with either buffer overflows or string escape vulnerabilities, etc.
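
The point above about C strings, as an added example that is not part of the original message and does not use libowfat's API: a minimal length-tracked buffer whose appends grow the allocation instead of overflowing, used to build an SMTP `MAIL FROM` line from an untrusted address. The names `sbuf`, `sbuf_catb`, `sbuf_cats` and `build_mail_from`, and the `MAIL FROM` use case itself, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-tracked string (not libowfat's API): the length and
   capacity travel with the pointer, so every append can be checked. */
struct sbuf { char *s; size_t len, cap; };

/* Make room for `extra` more bytes plus a NUL. Returns 0 on failure. */
static int sbuf_ready(struct sbuf *b, size_t extra)
{
    if (extra > SIZE_MAX - b->len - 1) return 0;   /* size sum would wrap */
    size_t need = b->len + extra + 1;
    if (need <= b->cap) return 1;
    size_t ncap = b->cap ? b->cap : 32;
    while (ncap < need)
        ncap = (ncap > SIZE_MAX / 2) ? need : ncap * 2;
    char *p = realloc(b->s, ncap);
    if (!p) return 0;                              /* old buffer stays valid */
    b->s = p; b->cap = ncap;
    return 1;
}

/* Append exactly n bytes; the buffer grows instead of overflowing. */
int sbuf_catb(struct sbuf *b, const char *src, size_t n)
{
    if (!sbuf_ready(b, n)) return 0;
    memcpy(b->s + b->len, src, n);
    b->len += n;
    b->s[b->len] = '\0';
    return 1;
}

int sbuf_cats(struct sbuf *b, const char *src)
{
    return sbuf_catb(b, src, strlen(src));
}

/* Build "MAIL FROM:<addr>\r\n" from an untrusted address (constructed use
   case). CR, LF and NUL are refused so the address cannot end the line
   early and change what the receiving side parses. */
int build_mail_from(struct sbuf *out, const char *addr, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (addr[i] == '\r' || addr[i] == '\n' || addr[i] == '\0') return 0;
    out->len = 0;
    return sbuf_cats(out, "MAIL FROM:<") && sbuf_catb(out, addr, n)
        && sbuf_cats(out, ">\r\n");
}
```

Start from a zero-initialised `struct sbuf` and release `s` with `free()` when done; a return of 0 means the line was not built and must not be sent.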



