Re: Documentation on OpenBSD's 3-process privsep model?

2021-03-31 Thread Ottavio Caruso

On 31/03/2021 04:46, Marc Espie wrote:
> On Tue, Mar 23, 2021 at 09:41:06AM +, Ottavio Caruso wrote:
>> On 23/03/2021 05:53, misopolemiac wrote:
>>> I'd appreciate some pointers to documentation or minimal examples of
>>> the 3-process privilege separation model for OpenBSD's daemons.
>>> Internet searches pointed to skeleton examples at
>>> github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
>>> those repos are now dead and it's unclear how authoritative they were
>>> in the first place.
>>
>> Blind leading the blind here, but I think a good starting point would be
>> recent presentations by Marc Espie, who, I believe but I might be wrong, is
>> the developer who worked the most on privsep.
>>
>> http://www.openbsd.org/events.html
>
> Definitely not at all.
>
> I haven't worked the most on privsep, by far.
>
> and the examples I've worked on are highly specific and probably
> not applicable to most of the base code.

I was wrong then. My apologies. Still, it's worth giving a look at the
events page. I have learnt a lot about OpenBSD going through all
presentations and papers, despite understanding only 0.1% of the
technical details.


--
Ottavio Caruso





Re: Documentation on OpenBSD's 3-process privsep model?

2021-03-31 Thread Edgar Pettijohn
On Mar 31, 2021 3:02 AM, Ottavio Caruso wrote:

  On 31/03/2021 04:46, Marc Espie wrote:
  > On Tue, Mar 23, 2021 at 09:41:06AM +, Ottavio Caruso wrote:
  >> On 23/03/2021 05:53, misopolemiac wrote:
  >>> I'd appreciate some pointers to documentation or minimal examples of
  >>> the 3-process privilege separation model for OpenBSD's daemons.
  >>> Internet searches pointed to skeleton examples at
  >>> github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
  >>> those repos are now dead and it's unclear how authoritative they were
  >>> in the first place.
  >>
  >> Blind leading the blind here, but I think a good starting point would be
  >> recent presentations by Marc Espie, who, I believe but I might be wrong, is
  >> the developer who worked the most on privsep.
  >>
  >> http://www.openbsd.org/events.html
  >
  > Definitely not at all.
  >
  > I haven't worked the most on privsep, by far.
  >
  > and the examples I've worked on are highly specific and probably
  > not applicable to most of the base code.

  I was wrong then. My apologies. Still, it's worth giving a look at the
  events page. I have learnt a lot about OpenBSD going through all
  presentations and papers, despite understanding only 0.1% of the
  technical details.

  --
  Ottavio Caruso



I often use the source for identd as a template. It's a fairly simple
daemon. So it's easy to gut it and rework it to fit your needs.
Edgar 


Re: Documentation on OpenBSD's 3-process privsep model?

2021-03-30 Thread Marc Espie
On Tue, Mar 23, 2021 at 09:41:06AM +, Ottavio Caruso wrote:
> On 23/03/2021 05:53, misopolemiac wrote:
> > I'd appreciate some pointers to documentation or minimal examples of
> > the 3-process privilege separation model for OpenBSD's daemons.
> > Internet searches pointed to skeleton examples at
> > github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
> > those repos are now dead and it's unclear how authoritative they were
> > in the first place.
> > 
> > 
> 
> Blind leading the blind here, but I think a good starting point would be
> recent presentations by Marc Espie, who, I believe but I might be wrong, is
> the developer who worked the most on privsep.
> 
> http://www.openbsd.org/events.html

Definitely not at all.

I haven't worked the most on privsep, by far.

and the examples I've worked on are highly specific and probably 
not applicable to most of the base code.



Re: Documentation on OpenBSD's 3-process privsep model?

2021-03-23 Thread Ottavio Caruso

On 23/03/2021 05:53, misopolemiac wrote:
> I'd appreciate some pointers to documentation or minimal examples of
> the 3-process privilege separation model for OpenBSD's daemons.
> Internet searches pointed to skeleton examples at
> github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
> those repos are now dead and it's unclear how authoritative they were
> in the first place.

Blind leading the blind here, but I think a good starting point would be
recent presentations by Marc Espie, who, I believe but I might be wrong,
is the developer who worked the most on privsep.


http://www.openbsd.org/events.html

--
Ottavio Caruso



Documentation on OpenBSD's 3-process privsep model?

2021-03-23 Thread misopolemiac
I'd appreciate some pointers to documentation or minimal examples of
the 3-process privilege separation model for OpenBSD's daemons.
Internet searches pointed to skeleton examples at
github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
those repos are now dead and it's unclear how authoritative they were
in the first place.



Re: Documentation on OpenBSD's 3-process privsep model?

2021-03-22 Thread Theo de Raadt
misopolemiac wrote:

> I'd appreciate some pointers to documentation or minimal examples of
> the 3-process privilege separation model for OpenBSD's daemons.
> Internet searches pointed to skeleton examples at
> github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
> those repos are now dead and it's unclear how authoritative they were
> in the first place.

This is not difficult: Use the repository.

Go find a privsep daemon.  Go look at the earliest revisions, when the
problems were simple.  Follow the commits forward.

And learn.