[8825] in bugtraq


Re: Postfix design directions

daemon@ATHENA.MIT.EDU (Peter van Dijk)
Thu Dec 24 21:18:45 1998

Mail-Followup-To: Wietse Venema <wietse@PORCUPINE.ORG>, BUGTRAQ@NETSPACE.ORG
Date: 	Wed, 23 Dec 1998 21:54:39 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
X-To:         Wietse Venema <wietse@PORCUPINE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19981222200230.6E97245901@spike.porcupine.org>; from Wietse
              Venema on Tue, Dec 22, 1998 at 03:02:30PM -0500

On Tue, Dec 22, 1998 at 03:02:30PM -0500, Wietse Venema wrote:
> This is an invitation for constructive discussion regarding the
> merits of world-writable maildrop directories versus set-uid or
> set-gid posting agents.
>
> The Postfix design takes an unusual approach. In the light of
> experience, I have no difficulty making changes to the design, but
> I want to make an informed decision.
>
> World-writable maildrop directories
> -----------------------------------

[SNIP]

> Set-uid/gid posting agents
> --------------------------

[SNIP]

> Future direction
> ----------------
>
> I see two directions for Postfix evolution: 1) maintain the present
> world-writable maildrop and unprivileged posting agent and 2) use
> a protected directory and a set-gid posting agent (set-uid seems
> to have no obvious advantage here). Is it feasible to keep maildrop
> queue file names secret, and are the other attacks indeed mere
> annoyances? Is it feasible to write secure set-gid programs that
> are not only secure today, but that will be secure on tomorrow's
> UNIX systems as well?

3) Use a UNIX socket, TCP/IP, named pipes, whatever you want, to communicate
between user-level, user-owned processes (which might be a nice sendmail-like
interface) and a long-running process that writes into the queue.

No s[ug]id execution, no world-writeable dirs, just a small performance hit.

Greetz, Peter.
--
'I guess anybody who walks away from a root shell at :         Peter van Dijk
 a nerd party gets what they deserve!' -- BillSF     :peter@attic.vuurwerk.nl
-- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --
finger hardbeat@mdk.ml.org for my public PGP-key
  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -
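
Option 3 above as an added example (not from the original post and not Postfix code): a daemon that owns a mode-0700 queue directory accepts messages over a UNIX-domain socket from a client that has no set-uid/gid bit and no access to the queue. It assumes Linux (SO_PEERCRED); the function names, the queue file naming scheme and the 1 MiB limit are hypothetical.

```python
import os, socket, struct, tempfile, threading
MAX_MSG = 1 << 20  # assumed cap on one submission (1 MiB)

def make_listener(sock_path):
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    os.chmod(sock_path, 0o666)  # any local user may connect
    srv.listen(8)
    return srv

def serve_once(srv, queue_dir, seq):
    """Long-running side: accept one message, write it into the queue."""
    conn, _ = srv.accept()
    with conn:
        # Linux SO_PEERCRED: the kernel, not the client, reports the sender uid.
        cred = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, 12)
        _pid, uid, _gid = struct.unpack("3i", cred)
        data = b""
        while chunk := conn.recv(65536):
            data += chunk
            if len(data) > MAX_MSG:
                return None  # oversized: drop the connection, queue nothing
        # The daemon chooses the name; O_EXCL refuses a pre-existing file.
        name = os.path.join(queue_dir, "%08d.%d" % (seq, uid))
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        conn.sendall(b"OK\n")
        return name

def submit(sock_path, message):
    """User-owned posting agent: no set-uid/gid bit, no queue access."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(message)
        c.shutdown(socket.SHUT_WR)  # marks end of message
        return c.recv(64)

def demo(message=b"From: a\n\nhello\n"):  # constructed sample message
    base = tempfile.mkdtemp()
    queue_dir = os.path.join(base, "queue")
    os.mkdir(queue_dir, 0o700)  # queue directory is private to the daemon
    sock_path = os.path.join(base, "submit.sock")
    srv = make_listener(sock_path)
    t = threading.Thread(target=serve_once, args=(srv, queue_dir, 1))
    t.start()
    reply = submit(sock_path, message)
    t.join()
    srv.close()
    return reply, sorted(os.listdir(queue_dir)), queue_dir
```

Calling demo() runs both sides in one process against a temporary directory; in a real deployment the daemon would run under its own account, so the 0700 queue directory would be unreachable from the submitting user.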
