[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYET--attempted formal specs (again)




On Thu, 3 Aug 1995, Futplex wrote:

> Nathan Zook writes:
> > The NYET-software runs as superuser on the ISP's machine.  All minor
> > accounts have a corresponding configuration file sitting in their
> > account owner's parent's directory, which is locked with read/write by
> > owner only flags.  The correspondence between minor and parent
> > accounts sits in a file owned by root and similiarly locked.
> 
> Just a minor technical comment:
> Based on my rather limited experience lurking on the firewalls list, I
> believe the preferred security-conscious method of running such daemons
> involves _not_ giving them su/root privileges.  Dr. FBC's thttp, for example,
> runs as a user named, e.g., "www" with pretty ordinary privileges. They are
> also often run in a chroot()ed "jail", so that the process can't see any
> directories outside the tree artifically rooted in its home directory. You'd
> then need some mechanism for the `rents to submit configuration updates to
> the imprisoned daemon, I suppose.  Perhaps digitally-signed email....
> 
> -Futplex <[email protected]>
> "Before you started tokin' you used to have a brain, but now you don't get
> even the simplest of things...." -Offspring
> 

I bow before superior wisdom, such as this....

Nathan