Anybody working on removing sendmail from base?
Matthew Dillon
dillon at apollo.backplane.com
Mon Sep 29 14:19:30 PDT 2003

I think we should narrow the discussion some and talk about variant
symlinks a bit more. The issue is where to store the variables
and how to deal with security (aka suid and sgid programs).

Consider that, right now, we are using shell and program wrappers
for lots of things. These wrappers really obfuscate what is actually
being run rather than clarify it. For example, take 'mailq'. Anyone
care to try to find what 'mailq' actually runs without drawing upon your
preexisting knowledge of sendmail?

A variant symlink, on the other hand, would clarify it. /usr/bin/mailq
would become a variant symlink to something like ${mtabase}/bin/mailq
which itself might be a hardlink or softlink to "sendmail". Other
programs would operate the same way.

So, to begin this discussion let's consider how 'mtabase' is dealt with
in the kernel? I'll throw out a possibility:

* 'varsym' structure represents variable, 'varsymlist' structure
  represents variable set.
* Master varsymlist which is system-wide
* Embed varsymlist in jail
* Embed varsymlist in struct uidinfo (see sys/resourcevar.h)
* Embed varsymlist in struct proc (for local adjustments)
* Make uidinfo per-jail as well as per-uid.
* Resource limit to limit max kernel memory used for a varsymlist
  variable set.
* Utilities and system calls to modify varsymlist system-wide,
  in jail, for uid in jail, or locally (in proc).

SUID/SGID operation:

* on exec new program does NOT inherit varsymlist from parent
  process.
* SGID programs do not inherit varsymlist from uidinfo.

UTILITIES:

* setvarsym, delvarsym, showvarsym, default to local varsym with
  options to modify system-wide (true root only), jail (pseudo
  root only), or user/uid (root or that user only) copy.

Am I missing anything?
-Matt
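
Added example, not part of the message above and not kernel code: a userland C model of resolving a variant symlink target such as ${mtabase}/bin/mailq against the layered variable sets the proposal lists, showing that a set-id exec ignores a per-process override. Assumptions: the lookup order (proc, uid, jail, system-wide) is not stated in the message, the SUID/SGID bullets are read as "a set-id exec does not see the parent's per-process list, and an SGID exec also skips the uidinfo list", and lookup_ctx, EXEC_SUID, EXEC_SGID, varsym_resolve and the sample paths are hypothetical.

```c
#include <string.h>
/* Userland model of the proposal; every name except varsym/varsymlist is hypothetical. */
struct varsym { const char *name, *value; };
struct varsymlist { const struct varsym *vars; int count; };
enum { EXEC_SUID = 1, EXEC_SGID = 2 };
struct lookup_ctx { const struct varsymlist *proc, *uid, *jail, *sys; int exec_flags; };

static const char *list_get(const struct varsymlist *l, const char *name, size_t n)
{
    for (int i = 0; l != NULL && i < l->count; i++)
        if (strlen(l->vars[i].name) == n && memcmp(l->vars[i].name, name, n) == 0)
            return l->vars[i].value;
    return NULL;
}

/* Assumed precedence (the message does not fix one): proc, uid, jail, system-wide. */
static const char *varsym_get(const struct lookup_ctx *c, const char *name, size_t n)
{
    const char *v = NULL;
    if (!(c->exec_flags & (EXEC_SUID | EXEC_SGID)))  /* set-id exec: parent's list not inherited */
        v = list_get(c->proc, name, n);
    if (v == NULL && !(c->exec_flags & EXEC_SGID))   /* SGID: uidinfo list not inherited */
        v = list_get(c->uid, name, n);
    if (v == NULL) v = list_get(c->jail, name, n);
    return v != NULL ? v : list_get(c->sys, name, n);
}

/* Expand ${name} in a link target; -1 on undefined variable, unterminated ${ or short buffer. */
int varsym_resolve(const struct lookup_ctx *c, const char *target, char *out, size_t outsz)
{
    size_t o = 0;
    while (*target != '\0') {
        if (target[0] == '$' && target[1] == '{') {
            const char *end = strchr(target + 2, '}');
            const char *v = end ? varsym_get(c, target + 2, (size_t)(end - target - 2)) : NULL;
            if (v == NULL || o + strlen(v) >= outsz) return -1;
            memcpy(out + o, v, strlen(v));
            o += strlen(v);
            target = end + 1;
        } else {
            if (o + 1 >= outsz) return -1;
            out[o++] = *target++;
        }
    }
    if (o >= outsz) return -1;
    out[o] = '\0';
    return 0;
}
/* Constructed sample data: a system-wide default and a per-process override. */
static const struct varsym sys_vars[] = { { "mtabase", "/usr/mta/sendmail" } }, proc_vars[] = { { "mtabase", "/tmp/fake-mta" } };
static const struct varsymlist sys_list = { sys_vars, 1 }, proc_list = { proc_vars, 1 };
```

Failing closed on an undefined variable keeps a set-id program from following a link whose target was only defined in a list it is not allowed to see.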