1995-08-03 - Re: NYET--attempted formal specs (again)

Header Data

From: futplex@pseudonym.com (Futplex)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: e18e741089610456bd2012f6066ae0425bf748c0257d24d3a432976ab4565af1
Message ID: <9508030905.AA15886@cs.umass.edu>
Reply To: <Pine.3.89.9508020848.A4868-0100000@maria.bga.com>
UTC Datetime: 1995-08-03 09:06:05 UTC
Raw Date: Thu, 3 Aug 95 02:06:05 PDT

Raw message

From: futplex@pseudonym.com (Futplex)
Date: Thu, 3 Aug 95 02:06:05 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: NYET--attempted formal specs (again)
In-Reply-To: <Pine.3.89.9508020848.A4868-0100000@maria.bga.com>
Message-ID: <9508030905.AA15886@cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Nathan Zook writes:
> The NYET-software runs as superuser on the ISP's machine.  All minor
> accounts have a corresponding configuration file sitting in their
> account owner's parent's directory, which is locked with read/write by
> owner only flags.  The correspondence between minor and parent
> accounts sits in a file owned by root and similarly locked.

Just a minor technical comment:
Based on my rather limited experience lurking on the firewalls list, I
believe the preferred security-conscious method of running such daemons
involves _not_ giving them su/root privileges.  Dr. FBC's thttp, for example,
runs as a user named, e.g., "www" with pretty ordinary privileges. They are
also often run in a chroot()ed "jail", so that the process can't see any
directories outside the tree artificially rooted in its home directory. You'd
then need some mechanism for the `rents to submit configuration updates to
the imprisoned daemon, I suppose.  Perhaps digitally-signed email....

-Futplex <futplex@pseudonym.com>
"Before you started tokin' you used to have a brain, but now you don't get
even the simplest of things...." -Offspring
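The privilege-dropping pattern Futplex describes above (run the daemon as an ordinary service account rather than root, confined to a chroot() jail) as an added example; this is not code from the original post or from the NYET proposal. The jail path `/var/jail/nyet` and the service account name are assumptions, and the Python module uses the same chroot()/setgid()/setuid() system calls a C daemon would.

```python
"""Added example (not from the original post or the NYET proposal).

Confine a daemon to a chroot() jail and drop to an ordinary account,
instead of running it as root.  Jail path and account are assumptions.
"""
import os
import pwd
import sys


def drop_privileges(jail: str, uid: int, gid: int) -> None:
    """Confine the process to `jail`, then switch to uid/gid.

    Order matters: chroot() and setgid() require root, so they run before
    setuid(); after setuid() nothing below can be undone.  Any failure
    raises, and the caller must exit rather than run half-privileged.
    """
    if uid == 0 or gid == 0:
        raise ValueError("refusing to 'drop' to root")
    # chdir first so no open directory handle points outside the jail.
    os.chdir(jail)
    os.chroot(jail)
    os.chdir("/")          # the cwd must lie inside the new root
    os.setgroups([])       # setgid() leaves supplementary groups alone
    os.setgid(gid)
    os.setuid(uid)
    # Verify the drop is irreversible: regaining root must now fail.
    try:
        os.setuid(0)
    except PermissionError:
        return
    raise RuntimeError("privilege drop did not stick")


def is_unprivileged() -> bool:
    """True when neither the real nor the effective uid is root."""
    return os.getuid() != 0 and os.geteuid() != 0


if __name__ == "__main__":
    # Hypothetical service account (defaults to "nobody") and jail directory.
    account = pwd.getpwnam(sys.argv[1] if len(sys.argv) > 1 else "nobody")
    jail = "/var/jail/nyet"
    drop_privileges(jail, account.pw_uid, account.pw_gid)
    print(f"running as uid {os.getuid()} inside {jail}, unprivileged={is_unprivileged()}")
```

The script must be started as root (only root may call chroot() and setuid()), and it refuses to proceed if the target account is root itself. Everything the daemon needs afterwards, such as the per-minor configuration files the thread discusses, has to live inside the jail tree, which is why Futplex notes that some channel is still needed for parents to push updates in.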




Thread