Subject: Re: privilege "separation" vs. saved set-user-ID
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: Dan Melomedman <dan@devonit.com>
List: current-users
Date: 09/10/2003 10:17:12
Greg A. Woods wrote:
> [ On Tuesday, September 9, 2003 at 12:06:24 (-0400), Dan Melomedman wrote: ]
> > Subject: Re: BSD Authentication
> >
> > As far as services are concerned, the right thing to do
> > is to drop root, and chroot to a jail as soon as it's not needed. Too bad
> > this methodology isn't used often. Sendmail and BIND traditionally
> > didn't have this feature. I believe the new BIND finally has this
> > feature, and the risk for the root exploit is lower with the new BIND.
>
> Yes, BIND "finally" gained this feature quite some time ago. (sadly a
> great many sites are still running BIND as root all the time)
>
> Unfortunately it doesn't do something like Sendmail one bit of good in
> many modern systems, at least not with the default configs and installs,
> since any foreign code exploit can just make use of the saved
Sendmail is so horrible, the modern systems should just simply ship with
something else instead, Postfix is a good alternative, and so is Courier.