On Sat, 21 Sep 2002, Ian C. Sison wrote:

> > monolithic:
> > Yes, bind and linux can be _________ ? What's the point?
> 
> An OS kernel is too complex and too low level to be broken up into
> different proglets unlike a relatively simple application like an MTA or
> Name server.  If we all insisted on a micro-kernel type of Linux, we would
> still be in the pre-alpha stage right now just like the GNU Hurd.  A line
> must be drawn, and it's usually on the side of practicality.
> 

i agree on this very much.  not every piece of software needs to be
modular nor monolithic. there are always exceptions.

> 
> > Insecure:
> > Historically yes. with the new version or old version?
> 
> A software's history of security issues is enough evidence for me as to
> why its monolith structure is prone to security problems.  For now the
> drop priv band aid of sendmail works, but i just wonder how long it will.

the 'drop priv' technique is a *must* among all modern daemons that need
to run as root initially. even qmail does that but in the best way
possible: by handing it off to tcpserver.  tcpserver chroots, changes
uid/gid, and then passes the network connection to qmail-smtpd.  

but why did this balloon to a big issue?  because sendmail always runs as
root so there is a need to drop privs *in every situation* since it's a
monolithic setuid executable. it's like logging into your box as root then
su-ing to a normal user for each task. to avoid that, qmail and postfix
were designed to be modular so that root usage was isolated to the modules
that needed it.  therefore, the problem is not on dropping privs, but on
being root inappropriately.

note: bind9.x does more!  it even drops all root capabilities except the
ability to bind() and set resource limits.  only a kernel bug can allow 
the successful intruder (even with uid=0) to regain full root access.

pong
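The "drop priv" sequence the thread is discussing (chroot, change uid/gid, lower resource limits, then never get root back), written out as an added example. This is not code from qmail, tcpserver, postfix or sendmail and was not posted by anyone in the thread; the helper names and the target uid/gid 65534 ("nobody" on many Linux systems) are assumptions. It goes one step beyond the post by checking afterwards that root cannot be regained, which is the check that separates a real drop from a cosmetic one.

```c
/* Added example of a permanent privilege drop for a daemon started as root.
 * Not code from qmail, tcpserver, postfix or sendmail; helper names and the
 * uid/gid 65534 are assumptions for this illustration. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Lower per-process limits before dropping root: forbid core dumps, since a
 * core of a daemon that has handled mail or zone data can leak it.  Lowering
 * a limit needs no privilege, so this also works in an unprivileged run. */
static int lower_limits(void)
{
    struct rlimit core = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &core) == 0 ? 0 : -1;
}

/* Drop root permanently.  Order matters:
 *  1. chroot() and chdir("/") while still root (chroot needs privilege);
 *  2. setgroups() to clear supplementary groups, which setgid() leaves alone;
 *  3. setgid() before setuid(): once the uid is unprivileged the process can
 *     no longer change its gid;
 *  4. setuid() last; called as root it sets real, effective and saved uid
 *     together, so no saved root uid remains to switch back to.
 * Returns 0 on success, -1 with errno set on failure.  If the caller is not
 * root there is nothing to drop and 0 is returned. */
static int drop_privileges(const char *chroot_dir, uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;
    if (chroot_dir != NULL && (chroot(chroot_dir) != 0 || chdir("/") != 0))
        return -1;
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* Verify the drop took: every uid/gid must be non-zero and an attempt to
 * become root again must be refused with EPERM.  Returns 1 when privileges
 * are confirmed gone, 0 otherwise.  Skipping this check is how "dropped"
 * privileges end up being silently kept. */
static int privileges_dropped(void)
{
    if (getuid() == 0 || geteuid() == 0 || getgid() == 0 || getegid() == 0)
        return 0;
    errno = 0;
    if (setuid(0) == 0 || errno != EPERM)
        return 0;
    errno = 0;
    if (setgid(0) == 0 || errno != EPERM)
        return 0;
    return 1;
}

int main(void)
{
    if (lower_limits() != 0) { perror("setrlimit"); return 1; }
    /* In a deployment pass the daemon's empty jail directory instead of NULL. */
    if (drop_privileges(NULL, 65534, 65534) != 0) { perror("drop_privileges"); return 1; }
    if (!privileges_dropped()) { fprintf(stderr, "still privileged\n"); return 1; }
    printf("running as uid=%u gid=%u, root cannot be regained\n",
           (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Run as root it ends up as 65534/65534 with no way back; run as an ordinary user it reports the same, since there was nothing to drop. The point of splitting the work into `drop_privileges` and `privileges_dropped` is that the second function is the one a daemon's startup code should refuse to proceed without.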


Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph

To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
[EMAIL PROTECTED]
