Sorry Dan, but you're wrong again:
#> ps|grep postfix
root 874 0.0 0.3 2756 816 ? Ss May11 0:00 /usr/lib/postfix/master
postfix 878 0.0 0.6 5900 1600 ? S May11 0:00 qmgr -l -t fifo -u -c
postfix 20510 0.0 0.7 5880 2040 ? S 21:41 0:00 pickup -l -t fifo -u -c
Postfix uses a master process running as root to spawn separate setuid
programs.
You are correct in seeing network server running uid root as potentially
exploitable. But best practice as shown by apache, postfix and mysql for
that matter is to run a single limitedly scoped process that forks,
spawns or begets in any conceivable fashion some separate or forked
processes with reduced privileges.
Dan Weber wrote:
On Thu, May 13, 2004 at 01:19:14PM +0200, Ilja Booij wrote:
Dan Weber wrote:
I've just checked on a webserver:
the 'root' apache process also is in state LISTEN and runs as root. So I
guess that's the way it's supposed to be. I presume Apache would be
doing The Right Thing.
It's not the right thing. It is probably a different scenario with
apache. However, nothing besides apache has a root parent process.
Dovecot another pop/imap server was written very securely. Same goes
for postfix. Neither ever have a root parent process. You also may
be able to have a root process if it's something like http which is
fairly secure as long as webdav isn't enabled. Information is really
only coming one way, whereas imap it goes both, and same for any smtp.
-- Dan Weber
NOTE:
postfix's author is known for his very secure programs.
--
________________________________________________________________
Paul Stevens mailto:[EMAIL PROTECTED]
NET FACILITIES GROUP PGP: finger [EMAIL PROTECTED]
The Netherlands________________________________http://www.nfg.nl
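
Added example, not part of the original message and not code from Postfix, Apache or dbmail: a minimal C sketch of the pattern discussed in the thread, where a parent process forks a worker that permanently drops root before it would handle any client data. The function names and the 65534 uid/gid ("nobody" on many Linux systems) are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() in glibc's <grp.h> */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define WORKER_UID 65534    /* assumption: unprivileged "nobody" account */
#define WORKER_GID 65534

/* Permanently give up root. Order matters: supplementary groups and the
 * gid go first, because after setuid() the process may no longer change them. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0 || getuid() == 0 || geteuid() == 0) return -1;
    return 0;
}

/* The master forks one worker and returns the worker's exit code:
 * 0 = worker ran unprivileged, 1 = drop failed and worker refused to run. */
int spawn_worker(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges(WORKER_UID, WORKER_GID) != 0)
            _exit(1);       /* fail closed: never parse input as root */
        /* ... untrusted network input would be parsed here ... */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = spawn_worker();
    printf("worker %s\n", rc == 0 ? "ran unprivileged" : "refused to run");
    return rc == 0 ? 0 : 1;
}
```

Started as root, the worker ends up with uid/gid 65534 and cannot return to uid 0; started without the privilege to change ids, the worker exits instead of continuing.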