Re: [ANNOUNCE][PATCH] New fs to control access to system resources

dean gaudet (dean-list-linux-kernel@arctic.org)
Wed, 16 Jan 2002 10:12:54 -0800 (PST)


On 16 Jan 2002, Olaf Dietsche wrote:

> dean gaudet <dean-list-linux-kernel@arctic.org> writes:
>
> > On 15 Jan 2002, Olaf Dietsche wrote:
> >
> > > For example, you can say, user www is allowed to bind to port 80 or
> > > user mail is allowed to bind to port 25. Then, you can run apache as
> > > user www and sendmail as user mail. Now, you don't have to rely on
> > > apache or sendmail giving up superuser rights to enhance security.
> >
> > typically logging must also occur as some other user than what the daemon
> > runs as, or else your logs are suspect in any sort of break-in. this is
> > no problem for stuff using syslog, but since that's not the default
> > configuration for apache you might want to put a note in any docs you end
> > up including. one suggestion is piped logging through a setuid logger
> > (setuid to user wwwlogs or something, root not required).
>
> Right. But that's user space and shouldn't impact the kernel/accessfs.
> Or did I miss something?

no kernel impact ... i was just suggesting that any accompanying
documentation should be careful to imply that the one change to allow www
to open 80 is all that's required to get rid of apache's root privs. i'm
just worried folks will blindly chown their logs to www.

-dean

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/