DragonFly kernel List (threaded) for 2008-06
DragonFly BSD

Re: GSoC 2008 dma enhancements


From: "Dan M" <strangepics@xxxxxxxxx>
Date: Wed, 11 Jun 2008 16:15:19 -0400

On Tue, Jun 10, 2008 at 7:27 AM, Max Lindner <gisanka@googlemail.com> wrote:
> Hi out there!
>
> Seems that the general tenor goes to a separate utility/helper
> application with suid-bit set which takes over the steps where
> root-access is compulsory. I will take a look at qmail which seems to
> have a similar design (as I read in the other dma thread which came up
> last week).

The only qmail program that runs setuid is qmail-queue. All critical
programs run under separate user/group ids.

qmail-local, the program that delivers into a user's mailbox, runs as root.

In short, qmail does as little as possible as root; all qmail programs
do not trust each other.
http://cr.yp.to/qmail/guarantee.html

Here are the diagrams of how things work:
http://www.axz.de/qmail/pix/index.html

-- 
Dan
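
The design discussed in this thread, a small setuid helper that performs only the step needing elevated rights and then gives them up, sketched as an added example (not part of the original message, and not dma or qmail code). `drop_privileges`, `open_then_drop` and the `/dev/null` stand-in path are hypothetical names chosen for illustration; the code assumes setresuid(2)/getresuid(2) are available.

```c
/* Added example: setuid-helper pattern. Hypothetical code, not dma or qmail. */
#define _GNU_SOURCE            /* setresuid/getresuid on glibc */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently set real, effective and saved ids to uid/gid.
 * Returns 0 only if the change took effect and cannot be undone. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid(), r, e, s;
    gid_t rg, eg, sg;
    /* Leaving root: shed root's supplementary groups while we still can. */
    if (old_euid == 0 && uid != 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group ids first; after the uid change this may no longer be allowed. */
    if (setresgid(gid, gid, gid) != 0 || setresuid(uid, uid, uid) != 0)
        return -1;
    /* Do not trust the return codes alone: read the ids back. */
    if (getresuid(&r, &e, &s) != 0 || r != uid || e != uid || s != uid)
        return -1;
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid)
        return -1;
    /* If the identity really changed, getting the old one back must fail. */
    if (uid != 0 && old_euid != uid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

/* Perform the single step that needs the helper's elevated identity (opening
 * the spool file), then become the invoking user for good. Returns fd or -1. */
int open_then_drop(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CLOEXEC);
    if (drop_privileges(getuid(), getgid()) != 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_then_drop("/dev/null");  /* constructed stand-in path */
    printf("fd=%d uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return fd < 0;
}
```

When the binary is installed setuid to a dedicated queue user, the final `seteuid` check is the one that proves the saved id is gone; it is skipped when the process starts with no elevated identity to shed.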


