Bryan Henderson wrote:
> this out. But the difference is that the piped-to transport program
> is a much simpler program, and the goal is to have the setuid flag on
> the smallest, simplest possible programs so as to avoid opening up a
> security hole due to human confusion.
and
> I have a program
> called "socketexec" that simply binds a socket and then execs a named
> program with it as Standard Input. Kind of like a junior inetd. A
> similar program sets uids and such and then execs a named program,
> passing on all open files.
and
> That's what I'm hoping a setuid (and possibly execute-permitted only
> to the exim group) piped-to program can accomplish.
Sound to me like you want to re-invent qmail, daemontools and
ucspi-tcp. Personally I've given up on using those for e-mail,
but if security outranks all other concerns by a few orders of
magnitude then why not. If you're not familiar with qmail, you
may want to check out "The big qmail picture":
http://www.nrg4u.com/qmail/the-big-qmail-picture-103-p1.gif
And few more links:
http://cr.yp.to/
http://www.qmail.org/
http://www.lifewithqmail.org/lwq.html
Bob
&References=432893F9.50705@db.org&In-Reply-To=432893F9.50705@db.org&Body=On%202005-09-14%2021:19,%20Bob%20Johannessen%20wrote:%0A>%20Bryan%20Henderson%20wrote:%0A>%20>%20this%20out.%20%20But%20the%20difference%20is%20that%20the%20piped-to%20transport%20program%0A>%20>%20is%20a%20much%20simpler%20program,%20and%20the%20goal%20is%20to%20have%20the%20setuid%20flag%20on%0A>%20>%20the%20smallest,%20simplest%20possible%20programs%20so%20as%20to%20avoid%20opening%20up%20a%0A>%20>%20security%20hole%20due%20to%20human%20confusion.%0A>%20%0A>%20and%0A>%20%0A>%20>%20I%20have%20a%20program%0A>%20>%20called%20%22socketexec%22%20that%20simply%20binds%20a%20socket%20and%20then%20execs%20a%20named%0A>%20>%20program%20with%20it%20as%20Standard%20Input.%20%20Kind%20of%20like%20a%20junior%20inetd.%20%20A%0A>%20>%20similar%20program%20sets%20uids%20and%20such%20and%20then%20execs%20a%20named%20program,%0A>%20>%20passing%20on%20all%20open%20files.%0A>%20%0A>%20and%0A>%20%0A>%20>%20That's%20what%20I'm%20hoping%20a%20setuid%20(and%20possibly%20execute-permitted%20only%0A>%20>%20to%20the%20exim%20group)%20piped-to%20program%20can%20accomplish.%0A>%20%0A>%20Sound%20to%20me%20like%20you%20want%20to%20re-invent%20qmail,%20daemontools%20and%0A>%20ucspi-tcp.%20Personally%20I've%20given%20up%20on%20using%20those%20for%20e-mail,%0A>%20but%20if%20security%20outranks%20all%20other%20concerns%20by%20a%20few%20orders%20of%0A>%20magnitude%20then%20why%20not.%20If%20you're%20not%20familiar%20with%20qmail,%20you%0A>%20may%20want%20to%20check%20out%20%22The%20big%20qmail%20picture%22:%0A>%20%0A>%20http://www.nrg4u.com/qmail/the-big-qmail-picture-103-p1.gif%0A>%20%0A>%20And%20few%20more%20links:%0A>%20http://cr.yp.to/%0A>%20http://www.qmail.org/%0A>%20http://www.lifewithqmail.org/lwq.html%0A>%20%0A>%20%0A>%20%0A>%20%0A>%20%0A>%20%0A>%20 "Reply to this message")
