GSoC 2008 dma enhancements
strangepics
strangepics at gmail.com
Wed Jun 11 14:43:55 PDT 2008
Dan M wrote:
> On Tue, Jun 10, 2008 at 7:27 AM, Max Lindner <gisanka at googlemail.com> wrote:
>> Hi out there!
>> Seems that the general tenor goes towards a separate utility/helper
>> application with the suid bit set, which takes over the steps where
>> root access is compulsory. I will take a look at qmail, which seems to
>> have a similar design (as I read in the other dma thread which came up
>> last week).
> The only qmail program that runs setuid is qmail-queue. All critical
> programs run under separate user/group IDs.
> qmail-local, the program that delivers into a user's mailbox, runs as root.
> In short, qmail does as little as possible as root, and no qmail program
> trusts another.
> http://cr.yp.to/qmail/guarantee.html
> Here are the diagrams of how things work:
> http://www.axz.de/qmail/pix/index.html
I forgot to mention that it would be worth researching (reading docs and
man pages) and installing and running it to really understand the
beautiful design.
Also, for this, or any other service where security counts I would
highly recommend using a safe, easy to use string library such as the
one included in libowfat: http://www.fefe.de/libowfat/
The standard C string functions, as history continues to prove to us
(and we continue to ignore it), SUCK for writing secure software. You
don't want to end up with buffer overflows, string escape
vulnerabilities, etc.
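The following C example is added here to illustrate the string-handling point in the message above; it is not code from the post, from dma, from qmail or from libowfat. `sbuf` is a hypothetical length-tracked string type in the spirit of a library like libowfat's (it does not reproduce that library's API), the `/var/mail/<user>` mailbox layout is an assumption, and the accepted local-part character set is a deliberately conservative choice for the example. It places the fixed-buffer strcpy/strcat pattern next to a bounded builder, and adds the second check a delivery agent needs: rejecting names that would escape the mailbox directory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* sbuf: a hypothetical length-tracked, growable string in the spirit of the
 * "safe string library" the post recommends (a stand-in, not libowfat's
 * stralloc API).  The length travels with the data, so bounds are checked
 * once, inside the library, instead of at every strcpy/strcat call site. */
typedef struct {
    char  *s;    /* heap buffer, kept NUL-terminated for C interop */
    size_t len;  /* bytes in use, excluding the terminator */
    size_t cap;  /* bytes allocated */
} sbuf;

/* Make room for `extra` more bytes plus a terminator; 0 on success, -1 on failure. */
int sbuf_reserve(sbuf *b, size_t extra)
{
    if (extra > SIZE_MAX - b->len - 1) return -1;   /* size_t must not wrap */
    size_t need = b->len + extra + 1;
    if (need <= b->cap) return 0;
    size_t ncap = b->cap ? b->cap : 32;
    while (ncap < need) {
        if (ncap > SIZE_MAX / 2) return -1;
        ncap *= 2;
    }
    char *p = realloc(b->s, ncap);
    if (p == NULL) return -1;
    b->s = p;
    b->cap = ncap;
    return 0;
}

/* Append n bytes; cannot overflow because capacity is secured first. */
int sbuf_catb(sbuf *b, const char *src, size_t n)
{
    if (sbuf_reserve(b, n) < 0) return -1;
    memcpy(b->s + b->len, src, n);
    b->len += n;
    b->s[b->len] = '\0';
    return 0;
}

int sbuf_cats(sbuf *b, const char *src) { return sbuf_catb(b, src, strlen(src)); }
void sbuf_free(sbuf *b) { free(b->s); b->s = NULL; b->len = b->cap = 0; }

/* The pattern the post warns against, kept only for contrast: fixed buffer,
 * unchecked strcpy/strcat.  A user name of 54 bytes or more writes past
 * `path`.  Nothing in this file calls it with untrusted input. */
void unsafe_mailbox_path(char path[64], const char *user)
{
    strcpy(path, "/var/mail/");
    strcat(path, user);
}

/* Length is only half of it: a local part containing '/', "..", or a newline
 * is the "string escape" class of bug once it lands in a path or a queue
 * file.  Accept a conservative character set (an assumption) and nothing else. */
int valid_local_user(const char *user, size_t n)
{
    if (n == 0 || n > 64 || user[0] == '.') return 0;  /* also blocks "." and ".." */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_'))
            return 0;
    }
    return 1;
}

/* Build "/var/mail/<user>" (mailbox layout assumed) into an empty sbuf.
 * 0 on success, -1 if the name is rejected or memory runs out. */
int safe_mailbox_path(sbuf *b, const char *user)
{
    size_t n = strlen(user);
    if (!valid_local_user(user, n)) return -1;
    if (sbuf_cats(b, "/var/mail/") < 0 || sbuf_catb(b, user, n) < 0) return -1;
    return 0;
}

/* Returns 1 if `user` is accepted and the built path equals `expect`,
 * 0 if the name is rejected or the path differs. */
int mailbox_path_is(const char *user, const char *expect)
{
    sbuf b = {0};
    int ok = safe_mailbox_path(&b, user) == 0 && strcmp(b.s, expect) == 0;
    sbuf_free(&b);
    return ok;
}

int main(void)
{
    printf("max accepted: %d\n", mailbox_path_is("max", "/var/mail/max"));
    printf("../../etc/passwd accepted: %d\n", mailbox_path_is("../../etc/passwd", ""));
    return 0;
}
```

A 40-character user name is accepted and builds a 50-byte path; the same name would already have spilled out of `unsafe_mailbox_path`'s 64-byte buffer had it been 14 bytes longer, and the bounded version never needs the caller to know that number.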