Re: Which is more secure?

Author: Jon Peatfield
Date:  
To: necron
Cc: jp107, exim-users
New topics: Re: several messages
Subject: Re: Which is more secure?

> But, the way Exim is written, does Exim stay in "root" mode longer
> in "Setuid" mode than in "setuid+seteuid" mode? That is, if we were trying
> to reduce the amount of time the code is running with a uid of root,
> would you choose "setuid" or "setuid+seteuid" security mode?


The real trick IMHO is to reduce the amount of time spent running as root or
being capable of being root. In this case setuid() is clearly better than
seteuid(), since the seteuid() case can still return to root if there is a bug
causing it to execute nasty code (e.g. a stack problem).

In the case of the setuid() code, exim must re-exec itself to gain root privs;
this may mean spending longer as root in terms of cycles spent, but the area
(or is it volume?) of code executed as root is much smaller, and the means to
break it much harder.

Just my view though.

BTW what happened to the person who claimed that he had found loads of
security holes in Exim, was it true or were they fake?

-- Jon
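
The difference between the two modes discussed in this message, as an added C example (not part of the original post and not Exim's code): a seteuid() drop leaves the saved uid intact, while a setuid() drop is checked to be irreversible. The function names are hypothetical, and 65534 is an assumed unprivileged uid/gid used only when the program starts as root.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporary drop: only the effective uid changes. In a setuid-root program
 * the saved set-user-ID is still 0, so a later seteuid(0) succeeds. */
int drop_temporarily(uid_t uid) { return seteuid(uid); }

/* Returns 1 if this process is root or can get back to root, else 0. */
int can_regain_root(void) {
    uid_t cur = geteuid();
    if (cur == 0) return 1;
    if (seteuid(0) != 0) return 0;      /* kernel refused: no root uid left */
    if (seteuid(cur) != 0) abort();     /* undo the probe */
    return 1;
}

/* Permanent drop. Called with euid 0, setuid() sets the real, effective and
 * saved uids together. Called after a seteuid() drop it changes only the
 * effective uid and leaves the saved uid at 0, so verify instead of assuming.
 * A real daemon would also clear supplementary groups before this point. */
int drop_permanently(uid_t uid, gid_t gid) {
    if (setgid(gid) != 0) return -1;    /* group first, while still allowed */
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (uid != 0 && can_regain_root()) return -1;
    return 0;
}

int main(void) {
    /* 65534 is an assumed unprivileged uid/gid ("nobody") for the root case */
    int root = (geteuid() == 0);
    uid_t uid = root ? 65534 : getuid();
    gid_t gid = root ? 65534 : getgid();

    if (drop_temporarily(uid) != 0) { perror("seteuid"); return 1; }
    printf("after seteuid(%ld): can regain root = %d\n", (long)uid, can_regain_root());

    if (root && seteuid(0) != 0) { perror("seteuid(0)"); return 1; }
    if (drop_permanently(uid, gid) != 0) { perror("drop_permanently"); return 1; }
    printf("after setuid(%ld):  can regain root = %d\n", (long)uid, can_regain_root());
    return 0;
}
```

Started as root, the first line reports 1 and the second 0; started unprivileged, both report 0 because there was never a root uid to return to.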