From: Nathan Zook <nzook@bga.com>
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Message Hash: b6f6850fea1ecf717d3bddc9e143884f88dda7035c486fa89843c7b5c1213c0d
Message ID: <Pine.3.89.9508031320.B15462-0100000@maria.bga.com>
Reply To: <9508030905.AA15886@cs.umass.edu>
UTC Datetime: 1995-08-03 18:33:59 UTC
Raw Date: Thu, 3 Aug 95 11:33:59 PDT
From: Nathan Zook <nzook@bga.com>
Date: Thu, 3 Aug 95 11:33:59 PDT
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: NYET--attempted formal specs (again)
In-Reply-To: <9508030905.AA15886@cs.umass.edu>
Message-ID: <Pine.3.89.9508031320.B15462-0100000@maria.bga.com>
MIME-Version: 1.0
Content-Type: text/plain
On Thu, 3 Aug 1995, Futplex wrote:
> Nathan Zook writes:
> > The NYET-software runs as superuser on the ISP's machine. All minor
> > accounts have a corresponding configuration file sitting in their
> > account owner's parent's directory, which is locked with read/write by
> > owner only flags. The correspondence between minor and parent
> > accounts sits in a file owned by root and similiarly locked.
>
> Just a minor technical comment:
> Based on my rather limited experience lurking on the firewalls list, I
> believe the preferred security-conscious method of running such daemons
> involves _not_ giving them su/root privileges. Dr. FBC's thttp, for example,
> runs as a user named, e.g., "www" with pretty ordinary privileges. They are
> also often run in a chroot()ed "jail", so that the process can't see any
> directories outside the tree artifically rooted in its home directory. You'd
> then need some mechanism for the `rents to submit configuration updates to
> the imprisoned daemon, I suppose. Perhaps digitally-signed email....
>
> -Futplex <futplex@pseudonym.com>
> "Before you started tokin' you used to have a brain, but now you don't get
> even the simplest of things...." -Offspring
>
I bow before superior wisdom, such as this....
Nathan
Return to August 1995
Return to “pjm@ionia.engr.sgi.com (Patrick May)”