DragonFly kernel List (threaded) for 2008-06
Re: GSoC 2008 dma enhancements
Dan M wrote:
On Tue, Jun 10, 2008 at 7:27 AM, Max Lindner <gisanka@googlemail.com> wrote:
Hi out there!
Seems that the general tenor goes to a separate utility/helper
application with suid-bit set which takes over the steps where
root-access is compulsory. I will take a look at qmail which seems to
have a similar design (as I read in the other dma thread which came up
last week).
The only qmail program that runs setuid is qmail-queue. All critical
programs run under separate user/group ids.
qmail-local - the program that delivers into a user's mailbox runs as root.
In short qmail does as little as possible as root, all qmail programs
do not trust each other.
http://cr.yp.to/qmail/guarantee.html
Here are the diagrams of how things work:
http://www.axz.de/qmail/pix/index.html
I forgot to mention that it would be worth researching (reading docs and
man pages) and installing and running it to really understand the
beautiful design.
Also, for this, or any other service where security counts I would
highly recommend using a safe, easy to use string library such as the
one included in libowfat: http://www.fefe.de/libowfat/
The standard C string functions, as history continues to prove to us
(and we continue to ignore it), SUCK for writing secure software. You
don't want to end up with either buffer overflows or string escape
vulnerabilities, etc.
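
The recommendation above, illustrated with an added example that is not part of the original message and is not libowfat code: a string that carries its own length and capacity, so appends grow the buffer instead of overrunning it, and a mail line builder that refuses CR/LF in untrusted input. The `sbuf` type, its functions and `build_from_line` are hypothetical names for this sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type for this example: length and capacity travel with the
   data, the idea behind libowfat's stralloc (this is not its API). */
typedef struct { char *s; size_t len, cap; } sbuf;

/* Make room for `extra` more bytes plus a NUL; returns 0 on failure. */
static int sbuf_reserve(sbuf *b, size_t extra) {
    if (extra > SIZE_MAX - b->len - 1) return 0;   /* size_t would wrap */
    size_t need = b->len + extra + 1;
    if (need <= b->cap) return 1;
    size_t ncap = b->cap ? b->cap : 32;
    while (ncap < need) {
        if (ncap > SIZE_MAX / 2) { ncap = need; break; }
        ncap *= 2;
    }
    char *p = realloc(b->s, ncap);
    if (!p) return 0;                /* old buffer stays valid on failure */
    b->s = p;
    b->cap = ncap;
    return 1;
}

/* Append exactly n bytes; the length is explicit, so no scan for NUL. */
int sbuf_catb(sbuf *b, const char *src, size_t n) {
    if (!sbuf_reserve(b, n)) return 0;
    memcpy(b->s + b->len, src, n);
    b->len += n;
    b->s[b->len] = '\0';             /* keep it usable as a C string too */
    return 1;
}

int sbuf_cats(sbuf *b, const char *src) {
    return sbuf_catb(b, src, strlen(src));
}

void sbuf_free(sbuf *b) { free(b->s); b->s = NULL; b->len = b->cap = 0; }

/* Build "From <sender>\n" from an untrusted sender of any length.
   CR/LF is rejected so the value cannot start a new line of its own. */
int build_from_line(sbuf *out, const char *sender) {
    out->len = 0;
    if (strpbrk(sender, "\r\n")) return 0;
    return sbuf_cats(out, "From ") && sbuf_cats(out, sender)
        && sbuf_cats(out, "\n");
}
```

Every append either succeeds with the terminator in place or returns 0 and leaves the previous contents intact, which is the property a fixed `char buf[N]` with `strcat` cannot give.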