[8825] in bugtraq
Re: Postfix design directions
daemon@ATHENA.MIT.EDU (Peter van Dijk)
Thu Dec 24 21:18:45 1998
Mail-Followup-To: Wietse Venema <wietse@PORCUPINE.ORG>, BUGTRAQ@NETSPACE.ORG
Date: Wed, 23 Dec 1998 21:54:39 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
X-To: Wietse Venema <wietse@PORCUPINE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981222200230.6E97245901@spike.porcupine.org>; from Wietse
Venema on Tue, Dec 22, 1998 at 03:02:30PM -0500
On Tue, Dec 22, 1998 at 03:02:30PM -0500, Wietse Venema wrote:
> This is an invitation for constructive discussion regarding the
> merits of world-writable maildrop directories versus set-uid or
> set-gid posting agents.
>
> The Postfix design takes an unusual approach. In the light of
> experience, I have no difficulty making changes to the design, but
> I want to make an informed decision.
>
> World-writable maildrop directories
> -----------------------------------
[SNIP]
> Set-uid/gid posting agents
> --------------------------
[SNIP]
> Future direction
> ----------------
>
> I see two directions for Postfix evolution: 1) maintain the present
> world-writable maildrop and unprivileged posting agent and 2) use
> a protected directory and a set-gid posting agent (set-uid seems
> to have no obvious advantage here). Is it feasible to keep maildrop
> queue file names secret, and are the other attacks indeed mere
> annoyances? Is it feasible to write secure set-gid programs that
> are not only secure today, but that will be secure on tomorrow's
> UNIX systems as well?
3) Use a UNIX socket, TCP/IP, named pipes, whatever you want, to communicate
between user-level, user-owned processes (which might be a nice sendmail-like
interface) and a long-running process that writes into the queue.
No s[ug]id execution, no world-writable dirs, just a small performance hit.
Greetz, Peter.
--
'I guess anybody who walks away from a root shell at : Peter van Dijk
a nerd party gets what they deserve!' -- BillSF :peter@attic.vuurwerk.nl
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
finger hardbeat@mdk.ml.org for my public PGP-key
- --- - --- - --- - --- - --- - --- - --- - --- - --- -