Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Ben Ford

Tomas Telensky wrote:



>But, what I should say to the network security, is that AFAIK in the most
>of linux distributions the standard daemons (httpd, sendmail) are run as
>root! Having multi-user system or not! Why? For only listening to a port
><1024? Is there any elegant solution?
>

Yes, most daemons have the ability to switch user ID once they have 
bound tho the port.  Additionally, support is starting to show up for 
capabilities.  I know that ProFTPD has support.  Now, assuming it is 
running on a newer kernel, it never needs to be root, because it has 
been granted the capability to open a low port.  Even if it is cracked, 
it cannot do other things like . . . insert a kernel module, . . . 
overwrite /etc/passwd . . . . . etc

-b

-- 
Three things are certain:
Death, taxes, and lost data
Guess which has occurred.
- - - - - - - - - - - - - - - - - - - -
Patched Micro$oft servers are secure today . . . but tomorrow is another story!



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread David =?ISO-8859-1?Q?G=F3mez

On Tue, 24 Apr 2001, Tomas Telensky wrote:

> 
> But, what I should say to the network security, is that AFAIK in the most
> of linux distributions the standard daemons (httpd, sendmail) are run as
> root! Having multi-user system or not! Why? For only listening to a port
> <1024? Is there any elegant solution?
> 

httpd as root ? that's what i call a clueless network admin.
sendmail has an OBSOLETE design. Use a good MTA like qmail. Exim or
smail are ok, but they're still "sendmailish".


David Gómez

"The question of whether computers can think is just like the question of
 whether submarines can swim." -- Edsger W. Dijkstra


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Markus Schaber

Hello,

On Tue, 24 Apr 2001, Alan Cox wrote:

> > Now, in order for step 4 to be done safely, procmail should be running
> > as the user it's meant to deliver the mail for. for this to happen
> > sendmail needs to start it as that user in step 3 and to do that it
> > needs extra privs, above and beyond that of a normal user.
>
>   email -> sendmail
>   sendmail 'its local' -> spool
>
> user:
>   get_mail | procmail
>   mutt
>
> The mail server doesnt need to run procmail. If you wanted to run mail batches
> through on a regular basis you can use cron for it, or leave a daemon running

Oh, well, cron is just another suid program.

This example would just be the ideal scenario for posix- or novell-style
ACLs in the filesystem.

You run the MDA/MTA under some mailerdaemon uid. And then a user can
explicitly give this daemon read access to .procmail etc. You can also
give the MTA (and nobody else) write access to /var/spool/mail. The MDA
then gives the specifical user full access to the spoolfile when creating
it, or adding mail to it. And the user can fetch his mail and truncate or
delete the file just as he and his software is used to.

There are much more things with ACLs, especially in workgroup environments
(That's why I loved the old Novel server in our university), but they
never got into the kernel.  And as far as I (as a non-hacker) understand,
the fields reserved for this feature were dropped for the large file
support, so we may never see ACLs.

Gruß,
Markus
-- 
| Gluecklich ist, wer vergisst, was nicht aus ihm geworden ist.
+---. ,>
http://www.uni-ulm.de/~s_mschab/ \   /
mailto:[EMAIL PROTECTED]  \_/


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alan Cox

> And get_mail must have elevated privileges to search for the users mail...
> or sendmail must have already switched user on reciept to put it in the
> users inbox which also requires privleges...

No. Think instead of blindly following existing implementation

socket(AF_UNIX, SOCK_STREAM, 0);
connect("/var/run/mailservice");
write("GIMMEMYMAIL\n");
read("200 CATCH..");
read(all my mail)

The daemon needs no priviledge. The client needs no priviledge. The 
PEERCRED authentication on AF_UNIX sockets does the work. I can even pass you
back the file handle of the mailbox if I was using an old style non database
indexed mail spool.

> It's much more efficent to process each mail as it arrives.

You are doing a lot more exec() calls that way. If you get enough mail
to make spool space an issue you want a daemon.

Alan


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Jesse Pollard

-  Received message begins Here  -

> 
> > 1. email -> sendmail
> > 2. sendmail figures out what it has to do with it. turns out it's deliver
> ...
> 
> > Now, in order for step 4 to be done safely, procmail should be running
> > as the user it's meant to deliver the mail for. for this to happen
> > sendmail needs to start it as that user in step 3 and to do that it
> > needs extra privs, above and beyond that of a normal user.
> 
>   email -> sendmail
>   sendmail 'its local' -> spool
> 
> user:
>   get_mail | procmail
>   mutt
> 
> The mail server doesnt need to run procmail. If you wanted to run mail batches
> through on a regular basis you can use cron for it, or leave a daemon running

And get_mail must have elevated privileges to search for the users mail...
or sendmail must have already switched user on reciept to put it in the
users inbox which also requires privleges...

And an additional daemon (owned by the user) is yet another attack point...

Cron could be used to batch message handling... as long as it runs before
the users quota is used up. This becomes the same as using IMAP or fetchmail
to download it.

It's much more efficent to process each mail as it arrives.

All this does is move the program that requires privileges to somewhere
else. It doesn't eliminate it.

Granted, sendmail could use a better implementation of a security model.

-
Jesse I Pollard, II
Email: [EMAIL PROTECTED]

Any opinions expressed are solely my own.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alex Riesen

On Tue, Apr 24, 2001 at 04:53:10PM +0100, Alan Cox wrote:
> > 1. email -> sendmail
> > 2. sendmail figures out what it has to do with it. turns out it's deliver
> ...
> 
> > Now, in order for step 4 to be done safely, procmail should be running
> > as the user it's meant to deliver the mail for. for this to happen
> > sendmail needs to start it as that user in step 3 and to do that it
> > needs extra privs, above and beyond that of a normal user.
> 
>   email -> sendmail
>   sendmail 'its local' -> spool
Isn't this a good thing to have spam filtered out before it will be
written in spool?

Alex Riesen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alan Cox

> 1. email -> sendmail
> 2. sendmail figures out what it has to do with it. turns out it's deliver
...

> Now, in order for step 4 to be done safely, procmail should be running
> as the user it's meant to deliver the mail for. for this to happen
> sendmail needs to start it as that user in step 3 and to do that it
> needs extra privs, above and beyond that of a normal user.

email -> sendmail
sendmail 'its local' -> spool

user:
get_mail | procmail
mutt

The mail server doesnt need to run procmail. If you wanted to run mail batches
through on a regular basis you can use cron for it, or leave a daemon running


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Pjotr Kourzanoff

On Wed, 25 Apr 2001, CaT wrote:

> On Tue, Apr 24, 2001 at 04:49:57PM +0200, Pjotr Kourzanoff wrote:
> > > use port 2525 as SMTP port in your MTA. I've succeed to setup such a
> > > configuration.
> >
> >   This requires you to ensure that your MTA is started first on that
> >   port...Might be difficult to achieve reliably in an automatic way
> >   without root privileges :-(
> >
> >   mailuser@foo% /etc/rc.d/init.d/sendmail stop
> >   badguy@foo% ./suck 2525
> >   mailuser@foo% /etc/rc.d/init.d/sendmail start
>
> Not necessarily. While I have no yet used the feature, iptables
> permits firewalling on userid. I presume this includes wether or

  man iptables.

> not a program can listen on a port, right? (and all the other
> fun things).
>
> If so then all you'd have to do is deny external access to port 2525
> and only permit mailuser to listen etc on it and you're set.

  For this to work, you need to hack up iptables on the mail server
  itself as -m owner only works for locally generated packets. And
  even then ./suck will receive on 2525 but will not be able to reply.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread CaT

On Tue, Apr 24, 2001 at 03:59:28PM +0100, Alan Cox wrote:
> What is this gid mail crap ? You don't need priviledge. You get the mail by
> asking the daemon for it. procmail needs no priviledge either if it is done
> right.
> 
> You just need to think about the security models in the right way. Linux gives
> you the ability to do authenticated uid/gid checking over a socket connection.
> That is an incredibly powerful model for real compartmentalisation.

Ok. My experience isn't all that great so I may well be missing something
here. But what?

1. email -> sendmail

2. sendmail figures out what it has to do with it. turns out it's deliver
it locally for user blah

3. sendmail starts procmail so that it delivers the email.

4. procmail goes through the recepie list for user blah and eventually
delivers the email (one way or another)

Now, in order for step 4 to be done safely, procmail should be running
as the user it's meant to deliver the mail for. for this to happen
sendmail needs to start it as that user in step 3 and to do that it
needs extra privs, above and beyond that of a normal user.

Now as I said, I'm not a UNIX God[tm] and so I may well be missing something
vital. If so, what is it? This sounds like something that would be way
useful to learn. :)

-- 
CaT ([EMAIL PROTECTED])*** Jenna has joined the channel.
 speaking of mental giants..
 me, a giant, bullshit
 And i'm not mental
- An IRC session, 20/12/2000

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Jesse Pollard

Tomas Telensky <[EMAIL PROTECTED]>
> On Tue, 24 Apr 2001, Alexander Viro wrote:
> > On Tue, 24 Apr 2001, Tomas Telensky wrote:
> > 
> > > of linux distributions the standard daemons (httpd, sendmail) are run as
> > > root! Having multi-user system or not! Why? For only listening to a port
> > > <1024? Is there any elegant solution?
> > 
> > Sendmail is old. Consider it as a remnant of times when network was
> > more... friendly. Security considerations were mostly ignored - and
> > not only by sendmail. It used to be choke-full of holes. They were
> > essentially debugged out of it in late 90s. It seems to be more or
> > less OK these days, but it's full of old cruft. And splitting the
> > thing into reasonable parts and leaving them with minaml privileges
> > they need is large and painful work.

Actually, if you view sendmail as being an expert system it is very
cutting edge :-) It can identify a user from very skimpy data if it
is allowed to (fuzzy matching user names). It identifies local hosts
(with FQDN or partial name, or only host name).

> Thanks for the comment. And why not just let it listen to 25 and then
> being run as uid=nobody, gid=mail?

Because then everybodys mail would be owned by user "nobody".

There are some ways to do this, but they are unreliable.

   1. If the users mail is delivered to /var/mail/; then the
  file /var/mail/ must always exist.

This requires ALL MUAs to truncate the file.
Some MUAs use file existance to determine if there is new mail.
If it doesn't exist, then no new mail... ever.

   2. sendmail will not be able to create the /var/mail/ mail box.

   3. sendmail will not be able to process forwarding mail.
User nobody should not be able to read files in users home
directory... .forward files are private to the user...

   4. sendmail will not be able to process user mail filters (same problem
as forwarding).

Note: these filters are applied on receipt of mail (saves time and
disk space since the filter can discard mail immediately or put it
in appropriate folders immediately).

-
Jesse I Pollard, II
Email: [EMAIL PROTECTED]

Any opinions expressed are solely my own.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread CaT

On Tue, Apr 24, 2001 at 04:49:57PM +0200, Pjotr Kourzanoff wrote:
> > use port 2525 as SMTP port in your MTA. I've succeed to setup such a
> > configuration.
> 
>   This requires you to ensure that your MTA is started first on that
>   port...Might be difficult to achieve reliably in an automatic way
>   without root privileges :-(
> 
>   mailuser@foo% /etc/rc.d/init.d/sendmail stop
>   badguy@foo% ./suck 2525
>   mailuser@foo% /etc/rc.d/init.d/sendmail start

Not necessarily. While I have no yet used the feature, iptables
permits firewalling on userid. I presume this includes wether or
not a program can listen on a port, right? (and all the other
fun things).

If so then all you'd have to do is deny external access to port 2525
and only permit mailuser to listen etc on it and you're set.

-- 
CaT ([EMAIL PROTECTED])*** Jenna has joined the channel.
 speaking of mental giants..
 me, a giant, bullshit
 And i'm not mental
- An IRC session, 20/12/2000

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Gábor Lénárt

On Tue, Apr 24, 2001 at 04:49:57PM +0200, Pjotr Kourzanoff wrote:
> On Tue, 24 Apr 2001, [iso-8859-2] Gábor Lénárt wrote:
> >
> > Or even without xinetd. Just use local port forwarding eg 2525 -> 25, and
> 
>   This is more like 25 -> 2525 :-)

OK, that was a hard night for me, I need some sleep :)

> > use port 2525 as SMTP port in your MTA. I've succeed to setup such a
> > configuration.
> 
>   This requires you to ensure that your MTA is started first on that
>   port...Might be difficult to achieve reliably in an automatic way
>   without root privileges :-(
> 
>   mailuser@foo% /etc/rc.d/init.d/sendmail stop
>   badguy@foo% ./suck 2525
>   mailuser@foo% /etc/rc.d/init.d/sendmail start

Yes, you're right. But this is a mail server without any user on it
(even users are authenticated from LDAP).

-- 
 --[ Gábor Lénárt ]---[ Vivendi Telecom Hungary ]-[ [EMAIL PROTECTED] ]--
 U have 8 bit comp or chip of them and it's unused or to be sold? Call me!
 ---[ +36 30 2270823 ]--> LGB <-[ Linux/UNIX/8bit 4ever ]-
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alan Cox

> I've always found the root < 1024 to be quite limmited and find myself
> wishing I could assign permissions based on ip/port. 

Its been done. Search for 'sockfs' I believe it was called.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alan Cox

> > Copying spool articles matching the peercred to the client does not
> 
> Running procmail as the user who is to receive the email for local mail
> delivery as running it with gid mail (for eg) would allow one user to
> modify another's mail.

What is this gid mail crap ? You don't need priviledge. You get the mail by
asking the daemon for it. procmail needs no priviledge either if it is done
right.

You just need to think about the security models in the right way. Linux gives
you the ability to do authenticated uid/gid checking over a socket connection.
That is an incredibly powerful model for real compartmentalisation.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Gerhard Mack

On Tue, 24 Apr 2001, Alan Cox wrote:

> > On Tue, 24 Apr 2001, Mohammad A. Haque wrote:
> > > Correct. <1024 requires root to bind to the port.
> > ... And nothing says that it should be done by daemon itself.
> 
> Or that you shouldnt let inetd do it for you
> And that you shouldn't drop the capabilities except that bind
> 
> It is possible to implement the entire mail system without anything running
> as root but xinetd.
> 
Qmail does exactly this afik.  

I've always found the root < 1024 to be quite limmited and find myself
wishing I could assign permissions based on ip/port. 

Gerhard

 

--
Gerhard Mack

[EMAIL PROTECTED]

<>< As a computer I find your faith in technology amusing.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread CaT

On Tue, Apr 24, 2001 at 03:37:34PM +0100, Alan Cox wrote:
> What role requires priviledge once the port is open ?
> 
>   DNS lookup does not
>   Spooling to disk does not
>   Accepting a connection from a client does not
>   Doing peercred auth with a client does not
>   Copying spool articles matching the peercred to the client does not

Running procmail as the user who is to receive the email for local mail
delivery as running it with gid mail (for eg) would allow one user to
modify another's mail.

(just a thought - the above's valid with sendmail at least)

-- 
CaT ([EMAIL PROTECTED])*** Jenna has joined the channel.
 speaking of mental giants..
 me, a giant, bullshit
 And i'm not mental
- An IRC session, 20/12/2000

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Pjotr Kourzanoff

On Tue, 24 Apr 2001, [iso-8859-2] Gábor Lénárt wrote:
>
> Or even without xinetd. Just use local port forwarding eg 2525 -> 25, and

  This is more like 25 -> 2525 :-)

> use port 2525 as SMTP port in your MTA. I've succeed to setup such a
> configuration.

  This requires you to ensure that your MTA is started first on that
  port...Might be difficult to achieve reliably in an automatic way
  without root privileges :-(

  mailuser@foo% /etc/rc.d/init.d/sendmail stop
  badguy@foo% ./suck 2525
  mailuser@foo% /etc/rc.d/init.d/sendmail start
  ...



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alexander Viro



On Tue, 24 Apr 2001, Alan Cox wrote:

> > > It is possible to implement the entire mail system without anything running
> > > as root but xinetd.
> > 
> > You want an MDA with elevated privileges, though...
 ^
> What role requires priviledge once the port is open ?

.forward handling may, depending on how much do you want to put into it.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alan Cox

> > It is possible to implement the entire mail system without anything running
> > as root but xinetd.
> 
> You want an MDA with elevated privileges, though...

What role requires priviledge once the port is open ?

DNS lookup does not
Spooling to disk does not
Accepting a connection from a client does not
Doing peercred auth with a client does not
Copying spool articles matching the peercred to the client does not

Alan


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Gábor Lénárt

On Tue, Apr 24, 2001 at 03:18:11PM +0100, Alan Cox wrote:
> > On Tue, 24 Apr 2001, Mohammad A. Haque wrote:
> > > Correct. <1024 requires root to bind to the port.
> > ... And nothing says that it should be done by daemon itself.
> 
> Or that you shouldnt let inetd do it for you
> And that you shouldn't drop the capabilities except that bind
> 
> It is possible to implement the entire mail system without anything running
> as root but xinetd.

Or even without xinetd. Just use local port forwarding eg 2525 -> 25, and
use port 2525 as SMTP port in your MTA. I've succeed to setup such a
configuration.

-- 
 --[ Gábor Lénárt ]---[ Vivendi Telecom Hungary ]-[ [EMAIL PROTECTED] ]--
 U have 8 bit comp or chip of them and it's unused or to be sold? Call me!
 ---[ +36 30 2270823 ]--> LGB <-[ Linux/UNIX/8bit 4ever ]-
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alexander Viro



On Tue, 24 Apr 2001, Alan Cox wrote:

> > On Tue, 24 Apr 2001, Mohammad A. Haque wrote:
> > > Correct. <1024 requires root to bind to the port.
> > ... And nothing says that it should be done by daemon itself.
> 
> Or that you shouldnt let inetd do it for you
> And that you shouldn't drop the capabilities except that bind
> 
> It is possible to implement the entire mail system without anything running
> as root but xinetd.

You want an MDA with elevated privileges, though...

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alan Cox

> On Tue, 24 Apr 2001, Mohammad A. Haque wrote:
> > Correct. <1024 requires root to bind to the port.
> ... And nothing says that it should be done by daemon itself.

Or that you shouldnt let inetd do it for you
And that you shouldn't drop the capabilities except that bind

It is possible to implement the entire mail system without anything running
as root but xinetd.




-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alexander Viro



On Tue, 24 Apr 2001, Tomas Telensky wrote:

> Thanks for the comment. And why not just let it listen to 25 and then
> being run as uid=nobody, gid=mail?

Handling of .forward, for one thing. Or pipe aliases, or...

None of this stuff is unsolvable (e.g. handling of .forward belongs to
MDA, not MTA), but changing that will break existing setups.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Tomas Telensky



On Tue, 24 Apr 2001, Alexander Viro wrote:

> 
> 
> On Tue, 24 Apr 2001, Tomas Telensky wrote:
> 
> > of linux distributions the standard daemons (httpd, sendmail) are run as
> > root! Having multi-user system or not! Why? For only listening to a port
> > <1024? Is there any elegant solution?
> 
> Sendmail is old. Consider it as a remnant of times when network was
> more... friendly. Security considerations were mostly ignored - and
> not only by sendmail. It used to be choke-full of holes. They were
> essentially debugged out of it in late 90s. It seems to be more or
> less OK these days, but it's full of old cruft. And splitting the
> thing into reasonable parts and leaving them with minaml privileges
> they need is large and painful work.

Thanks for the comment. And why not just let it listen to 25 and then
being run as uid=nobody, gid=mail?
  Tomas

> 
> There are alternatives (e.g. exim, or two unmentionable ones) that are
> cleaner. Besides, there are some, erm, half-promises that next major
> release of sendmail may be a big cleanup. Hell knows what will come out
> of that.
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alexander Viro



On Tue, 24 Apr 2001, Mohammad A. Haque wrote:

> Correct. <1024 requires root to bind to the port.

... And nothing says that it should be done by daemon itself.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Alexander Viro



On Tue, 24 Apr 2001, Tomas Telensky wrote:

> of linux distributions the standard daemons (httpd, sendmail) are run as
> root! Having multi-user system or not! Why? For only listening to a port
> <1024? Is there any elegant solution?

Sendmail is old. Consider it as a remnant of times when network was
more... friendly. Security considerations were mostly ignored - and
not only by sendmail. It used to be choke-full of holes. They were
essentially debugged out of it in late 90s. It seems to be more or
less OK these days, but it's full of old cruft. And splitting the
thing into reasonable parts and leaving them with minaml privileges
they need is large and painful work.

There are alternatives (e.g. exim, or two unmentionable ones) that are
cleaner. Besides, there are some, erm, half-promises that next major
release of sendmail may be a big cleanup. Hell knows what will come out
of that.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Mohammad A. Haque

On Tue, 24 Apr 2001, Tomas Telensky wrote:

> :-) Great.
> You and Alex are right - I agree that this is a complete moronism.
>
> But, what I should say to the network security, is that AFAIK in the most
> of linux distributions the standard daemons (httpd, sendmail) are run as
> root! Having multi-user system or not! Why? For only listening to a port
> <1024? Is there any elegant solution?

If your distro is runnign httpd as root you may want to give them a nice
swift kick in the behind. By default apache is configured to run as
nobody.

Dunno about sendmail.

Correct. <1024 requires root to bind to the port.

-- 

=
Mohammad A. Haque  http://www.haque.net/
   [EMAIL PROTECTED]

  "Alcohol and calculus don't mix. Project Lead
   Don't drink and derive." --Unknown  http://wm.themes.org/
   [EMAIL PROTECTED]
=

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



Re: [OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Tomas Telensky



> 
> trustix.co.id?  hehehe.
> 
> If you don't want to login with user/password, then change your
> password to "".  Don't want to even do that?  Then just change
> /etc/inittab to invoke "login -f username" instead of mingetty or
> whatever.  No need at all to hack the kernel up.
> 
> Dunno why you sent the patch here or to Linus though..  The
> chance of it even being looked at are about 1/2^infinity  ;o)

:-) Great.
You and Alex are right - I agree that this is a complete moronism.

But, what I should say to the network security, is that AFAIK in the most
of linux distributions the standard daemons (httpd, sendmail) are run as
root! Having multi-user system or not! Why? For only listening to a port
<1024? Is there any elegant solution?

  Tomas



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



[OFFTOPIC] Re: [PATCH] Single user linux

2001-04-24 Thread Mike A. Harris

On Tue, 24 Apr 2001 [EMAIL PROTECTED] wrote:

>a friend of my asked me on how to make linux easier to use
>for personal/casual win user.
>
>i found out that one of the big problem with linux and most
>other operating system is the multi-user thing.
>
>i think, no personal computer user should know about what's
>an operating system idea of a user. they just want to use
>the computer, that's it.
>
>by a personal computer i mean home pc, notebook, tablet,
>pda, and communicator. only one user will use those devices,
>or maybe his/her friend/family. do you think that user want
>to know about user account?
>
>from that, i also found out that it is very awkward to type
>username and password every time i use my computer.
>so here's a patch. i also have removed the user_struct from
>my kernel, but i don't think you'd like #ifdef's.
>may be it'll be good for midori too.

trustix.co.id?  hehehe.

If you don't want to login with user/password, then change your
password to "".  Don't want to even do that?  Then just change
/etc/inittab to invoke "login -f username" instead of mingetty or
whatever.  No need at all to hack the kernel up.

Dunno why you sent the patch here or to Linus though..  The
chance of it even being looked at are about 1/2^infinity  ;o)

I've got a hacked up version of mingetty that allows you to
configure autologins on tty's if you like.  You're welcome to my
packages if you like just email me privately. It is useful if you
are in an environment where physical security is not a concern at
all, but network security is still a concern.  I use it so I can
boot up, login once, and it fires up tty's on all consoles for
me.  It can also bypass any login if you like.


--
Mike A. Harris  -  Linux advocate  -  Free Software advocate
  This message is copyright 2001, all rights reserved.
  Views expressed are my own, not necessarily shared by my employer.
--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/