[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYET--attempted formal specs (again)

Nathan Zook writes:
> The NYET-software runs as superuser on the ISP's machine.  All minor
> accounts have a corresponding configuration file sitting in their
> account owner's parent's directory, which is locked with read/write by
> owner only flags.  The correspondence between minor and parent
> accounts sits in a file owned by root and similiarly locked.

Just a minor technical comment:
Based on my rather limited experience lurking on the firewalls list, I
believe the preferred security-conscious method of running such daemons
involves _not_ giving them su/root privileges.  Dr. FBC's thttp, for example,
runs as a user named, e.g., "www" with pretty ordinary privileges. They are
also often run in a chroot()ed "jail", so that the process can't see any
directories outside the tree artifically rooted in its home directory. You'd
then need some mechanism for the `rents to submit configuration updates to
the imprisoned daemon, I suppose.  Perhaps digitally-signed email....

-Futplex <[email protected]>
"Before you started tokin' you used to have a brain, but now you don't get
even the simplest of things...." -Offspring