Outstanding issues

Darren Spruell phatbuckett at gmail.com
Mon Sep 25 01:44:06 EDT 2006


On 9/24/06, carter at qosient.com <carter at qosient.com> wrote:

[snip]

> (Still thinking about a general approach to the chroot/user/group issues).

[snip]

> If anyone has comments, please holler, and thanks for all the help!!!!!

Just the above, namely the chroot/user issues. There'd been some good
discussion recently regarding the semantics of exactly how to handle
that.

I'm not a programmer, but I'd very much like to see that succeed.
Available for testing of course. Regarding strategy, most of what I've
seen thus far done has been on OpenBSD which as a platform places a lot
of emphasis on reducing exposure for daemons that require some amount
of root privileges by one of two methods: privilege separation and
privilege revocation. The first involves splitting the functionality
of a program out into two separate processes, one that runs the stuff
requiring higher privileges as root, and one that runs as a lower
privileged user to carry out the non-privileged functions. Privilege
revocation involves a single process which is launched as root to do
the root stuff and once the privileged startup stuff is done, changes
uid over to the non-privileged user.

If it's worth anything, reference code in OpenBSD is open and easily
found (http://www.openbsd.org/cgi-bin/cvsweb.cgi) and several programs
make use of these features.

tcpdump(8)
dhclient(8)
dhcpd(8)
pflogd(8)
syslogd(8)
ntpd(8) (OpenNTPD)
ftp-proxy(8)
httpd(8)

3rd party apps that handle it as well come to mind:

snort(8)
openvpn(8)
named(8)

And to be clear, I hope I'm not talking down to anyone here. Simply
hoping to get things rolling where the work's been done before...

-- 
Darren Spruell
phatbuckett at gmail.com
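
Privilege revocation as described in the message above, as an added example that is not part of the original post and is not taken from argus or OpenBSD sources. The function name `drop_privileges` and its two arguments are hypothetical; the calls are standard POSIX/BSD ones.

```c
#define _DEFAULT_SOURCE  /* exposes setgroups() and chroot() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Privilege revocation: call once after the root-only startup work
 * (opening capture devices, binding sockets) is finished.
 * Returns 0 on success, -1 on any failure; the caller should exit on -1. */
int drop_privileges(const char *user, const char *jail)
{
    /* Look the account up BEFORE chroot: /etc/passwd is not in the jail. */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                  /* unknown user, or target is root */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* chroot needs root, so it comes first; chdir closes the escape
     * through a working directory left outside the jail. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;

    /* Groups first, then gid, then uid: once the uid is gone the
     * process no longer has the right to change the others. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s user jaildir\n", argv[0]);
        return 2;
    }
    if (drop_privileges(argv[1], argv[2]) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to run\n");
        return 1;
    }
    printf("running as uid %d inside the jail\n", (int)getuid());
    return 0;
}
```

The program must be started as root for the drop to succeed; any failure is treated as fatal so the daemon never keeps running with privileges it meant to give up.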


