Dear All,

First of all, I'm glad I'm moving my mail servers to OpenSMTPD. I'm pretty late compared to others, but I think that the code is of very high quality and very secure.

FreeBSD 10 is going to be released soon. I've been playing with the Capsicum framework, which is a lightweight sandboxing toolkit that is enabled by default in 10. I have a diff that sandboxes purge_task():

http://elandsys.com/~logan/smtpd.c.diff

Quote from the cap_enter man page:

    cap_enter() places the current process into capability mode, a mode of
    execution in which processes may only issue system calls operating on
    file descriptors or reading limited global system state. Access to
    global name spaces, such as file system or IPC name spaces, is
    prevented. If the process is already in a capability mode sandbox, the
    system call is a no-op. Future process descendants created with fork(2)
    or pdfork(2) will be placed in capability mode from inception.

It's possible to go further, but that would imply some rewriting. Is there interest in sandboxing other subprocesses in OpenSMTPD? (I can add the autoconf layer later.)

Kind regards,
//Logan

-- 
This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.
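The pattern the man page text implies for a task like purge_task(), as an added example that is not Logan's diff nor OpenSMTPD code: every descriptor the task needs is opened (and rights-limited) before cap_enter(), and afterwards only descriptor-relative calls such as unlinkat() are used, because a path-based open() is refused with ECAPMODE. The directory path, the function names and the non-FreeBSD fallback in enter_sandbox() are this example's own assumptions; the header name follows current FreeBSD (older 10.x releases shipped it as sys/capability.h).

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose openat/unlinkat/O_DIRECTORY */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* cap_enter(), cap_rights_init(), cap_rights_limit() */
#endif

/* Step 1, before cap_enter(): open the purge directory and limit that descriptor to what purging needs. */
int open_purge_dir(const char *path)
{
    int fd = open(path, O_RDONLY | O_DIRECTORY);
#ifdef __FreeBSD__
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ, CAP_LOOKUP, CAP_FSTAT, CAP_UNLINKAT);
    if (fd >= 0 && cap_rights_limit(fd, &rights) < 0) { close(fd); return -1; }
#endif
    return fd;
}

/* Step 2: enter capability mode. 1 = sandboxed, -1 = error, 0 = host has
 * no Capsicum (constructed fallback so the example also builds elsewhere). */
int enter_sandbox(void)
{
#ifdef __FreeBSD__
    return cap_enter() == 0 ? 1 : -1;
#else
    return 0;
#endif
}

/* Step 3, inside the sandbox: unlinkat() on the pre-opened directory still works; unlink(path) would not. */
int purge_file(int dirfd, const char *name)
{
    return unlinkat(dirfd, name, 0);
}

/* Probe: path-based open() in capability mode fails with ECAPMODE. 1 = refused that way, 0 = succeeded, -1 = other error. */
int probe_global_open(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0) { close(fd); return 0; }
#ifdef ECAPMODE
    if (errno == ECAPMODE) return 1;
#endif
    return -1;
}
```

On a FreeBSD host enter_sandbox() returns 1 and probe_global_open() returns 1 for any path afterwards; on a host without Capsicum the descriptor-relative steps still run, but nothing is sandboxed.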
