ok, I'm deviating slightly from the firewall charter but how hard would it
be to yank the idea of privileged ports having to belong to root (or for
that matter anybody)? In this day and age when people run their own Linux
boxen and have root access at will, trusting anything because it's
originating from <1025 seems specious at best.
So as it applies to qmail. What if the mail spool was constructed such that
the owner of mail had RW as did the mail daemon but everybody else was 0
(ie 660)? If you have a scenario whereby a mailer would be filing incoming
letters DIRECTLY into a user's home directory you have another problem but
if the directory ACL is 755 and the incoming mailbox had 660 then you
wouldn't have a problem. Right?
Surely I can't be the only one who's thought about stripping out the overly
common use of root for daemons and force them to run as normal users to
include binding to low ports. (yes kernel hacking is involved) What if we
had a portbind group that contained all of the listening daemons? inetd
would have to be looked at as well. Could those who have tried this sort of
project fill me/us in on the problems encountered? When I'm done with my NT
project I might take some time and play with my OpenBSD box.
KeyID = E6A285A2 FingerPrint = 3B1ACE7A081E926C2B4B 8E745FC748ACE6A285A2
Windows95: noun. 32-bit extensions and a graphical shell for a 16-bit
patch to an 8-bit operating system originally coded for a 4-bit
microprocessor, written by a 2-bit company that can't stand 1 bit of
competition. (author unknown)
References:
-
qmail
From: Martin Marusak <marusak @
unipo .
sk>
-
Re: qmail
From: "Magossa'nyi A'rpa'd" <mag @
bunuel .
tii .
matav .
hu>
|
|
