[OLPC Security] qmail security

C. Scott Ananian cscott at laptop.org
Tue Dec 18 13:57:34 EST 2007


On Dec 18, 2007 1:48 PM, Michael Stone <michael at laptop.org> wrote:
> Ivan and I briefly reviewed this paper together the day it was
> released. Which parts did you find to be most relevant? Which parts did
> you have questions about?

I thought the concrete description of the UNIX api for strictly
limiting permissions for subprocesses a useful checklist (are we
applying all of these limits?) and, in general, I thought it similar
enough to our implementation strategy to be worth a mention on
whatever wiki pages document our implementation (are there any?).

It seems like making as much as possible of the datastore and sugar
'untrusted code', for example, would be very wise.  It would also be
worthwhile to audit our code for uses of 'system' and 'subprocess' and
replace as many as possible of the forked processes with some
'safe_fork' function which limited permissions in the same way
pnmtojpeg was encapsulated.
 --scott

-- 
                         ( http://cscott.net/ )

