On Wed, Jan 01, 2014 at 08:11:32PM +0400, Loganaden Velvindron wrote:
> Dear All,
>
> Hi,
>
> First of all, I'm glad I'm moving my mail servers to opensmtpd. I'm
> pretty late compared to others but I think that the code is very high
> quality & very secure. yay !
>
> FreeBSD 10 is going to be released soon.
>
> I've been playing with the capsicum framework, which is a lightweight
> sandboxing toolkit which is enabled by default in 10.
>
> I have a diff that sandboxes purge_task().
> http://elandsys.com/~logan/smtpd.c.diff
>
> Quote from cap_enter man page:
>
> cap_enter() places the current process into capability mode, a mode of
> execution in which processes may only issue system calls operating on
> file descriptors or reading limited global system state. Access to
> global name spaces, such as file system or IPC name spaces, is prevented.
> If the process is already in a capability mode sandbox, the system call
> is a no-op. Future process descendants created with fork(2) or pdfork(2)
> will be placed in capability mode from inception.
>
> It's possible to go further but that would imply some rewriting. Is
> there interest to sandbox other subprocesses in opensmtpd ?
> (I can add the autoconf layer later).

I don't know how others feel about this, but I'm not too fond of adding
capsicum code to our tree quite _yet_.

I can cope with minor compile-time delta between master/portable if the
reason is justified, but at this point in the age of our project I will
not be too happy with _runtime_ delta between master and portable.

-- 
Gilles Chehade
https://www.poolp.org
@poolpOrg
