GSoC 2008 dma enhancements

strangepics strangepics at gmail.com
Wed Jun 11 14:43:55 PDT 2008


Dan M wrote:
> On Tue, Jun 10, 2008 at 7:27 AM, Max Lindner <gisanka at googlemail.com> wrote:
>> Hi out there!
>>
>> Seems that the general tenor goes to a separate utility/helper
>> application with suid-bit set which takes over the steps where
>> root-access is compulsory. I will take a look at qmail which seems to
>> have a similar design (as I read in the other dma thread which came up
>> last week).
>
> The only qmail program that runs setuid is qmail-queue. All critical
> programs run under separate user/group ids.
> qmail-local, the program that delivers into a user's mailbox, runs as root.
>
> In short, qmail does as little as possible as root, and qmail programs
> do not trust each other.
> http://cr.yp.to/qmail/guarantee.html
> Here are the diagrams of how things work:
> http://www.axz.de/qmail/pix/index.html


I forgot to mention that it would be worth researching (reading docs and
man pages) and installing and running it to really understand the
beautiful design.

Also, for this, or any other service where security counts, I would
highly recommend using a safe, easy-to-use string library such as the
one included in libowfat: http://www.fefe.de/libowfat/

The standard C string functions, as history continues to prove to us
(and we continue to ignore it), SUCK for writing secure software. You
don't want to end up with either buffer overflows or string escape
vulnerabilities, etc.
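As an added illustration of the two points above (this is not code from the thread, from dma or from libowfat): a counted string whose length and capacity are tracked explicitly, so appends cannot run past the allocation, used by a hypothetical privileged delivery helper that validates an untrusted user name before building a mailbox path. The spool directory `/var/mail`, the 32-character limit and the names `cstr_append`, `user_is_sane` and `mailbox_path` are assumptions for the example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Counted string: length and capacity are explicit, so an append can never
 * write past the allocation. Loosely in the spirit of libowfat's stralloc,
 * but this is an added illustration, not the libowfat API. */
struct cstr { char *s; size_t len; size_t cap; };

/* Append n bytes of src and keep the buffer NUL-terminated.
 * Returns 1 on success, 0 on size_t overflow or allocation failure. */
static int cstr_append(struct cstr *d, const char *src, size_t n) {
    size_t need, ncap;
    char *p;
    if (n >= SIZE_MAX - d->len) return 0;        /* len + n + 1 would wrap */
    need = d->len + n + 1;
    if (need > d->cap) {
        ncap = d->cap ? d->cap : 32;
        while (ncap < need) {
            if (ncap > SIZE_MAX / 2) { ncap = need; break; }
            ncap *= 2;
        }
        p = realloc(d->s, ncap);
        if (!p) return 0;
        d->s = p;
        d->cap = ncap;
    }
    memcpy(d->s + d->len, src, n);
    d->len += n;
    d->s[d->len] = '\0';
    return 1;
}

#define MAX_USER 32  /* assumed limit for this example */

/* A privileged helper must not trust its caller: accept only a conservative
 * local-user syntax (lowercase letters, digits, '_' and '-') before using
 * the name in a filesystem path. */
static int user_is_sane(const char *user) {
    size_t i;
    if (!user || !*user) return 0;
    for (i = 0; user[i]; i++) {
        unsigned char c = (unsigned char)user[i];
        if (i >= MAX_USER) return 0;
        if (!islower(c) && !isdigit(c) && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* Build "/var/mail/<user>". Returns a malloc'd string the caller frees,
 * or NULL if the user name is rejected or memory runs out. */
char *mailbox_path(const char *user) {
    struct cstr d = { NULL, 0, 0 };
    if (!user_is_sane(user)) return NULL;
    if (!cstr_append(&d, "/var/mail/", 10) ||
        !cstr_append(&d, user, strlen(user))) { free(d.s); return NULL; }
    return d.s;
}
```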

More information about the Kernel mailing list