Subject: Re: SE Linux vs SE NetBSD !!
To: None <tech-security@NetBSD.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-security
Date: 08/29/2006 17:55:27
On Jan 19,  9:54am, "Travis H." wrote:
} On 8/29/06, Andrew Reilly <andrew-netbsd@areilly.bpc-users.org> wrote:
} > How can someone else write my security policy for me?
} 
} Well, I think "security policy" is an overloaded term, so let's talk about
} "SELinux policy".
} 
} For example, we know in advance that sendmail will write to mail
} spool files in /var/spool/mail.  And that it binds to TCP port 25.

     We do?  Glad you know that.  As a point of fact, sendmail will do
no such thing.  It will call an LDA (Local Delivery Agent) to do this.
procmail is one example of an LDA.  mail.local, which comes with
sendmail, is another.  Many OSes come with their own.  However, sendmail
will read/write files in /var/spool/clientmqueue and /var/spool/mqueue
(or wherever the config file tells it).

} And to fork off certain programs.  And so on.  So we give sendmail

     Such as the LDA mentioned above.

} permission to just do those things, and nothing else.  Sendmail does
} not usually need to spawn xterm.

} > What sort of applications are we talking about?
} 
} Mostly exposed network daemons, like httpd, sendmail, and perhaps
} bind.  Since these are usually provided as services for remote
} systems, they are a common intrusion vector.  Other daemons like nfsd
} are not typically made available through the firewall, so do not
} require as much attention.

     However, that doesn't mean they don't need protection.  It is well
known that many attacks come from inside the firewall.  Of course, for
real security, you shouldn't be using plain NFS.  Also, we don't know
when somebody might breach the firewall or the firewall administrator
might make a mistake.  Defense in depth and all that.

}-- End of excerpt from "Travis H."
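
The point argued above, that the daemon and the LDA it spawns need different permissions, as an added example that is not part of the original message and is not SELinux policy syntax. It is a toy type-enforcement model with a domain transition on exec; the domain names, the mail.local and xterm paths, and the sample trace are assumptions constructed for illustration.

```python
from fnmatch import fnmatch

LDA = "/usr/libexec/mail.local"  # assumed install path of the LDA

# domain -> (permission, target pattern); domain names are hypothetical
ALLOW = {
    "sendmail_d": [
        ("bind", "tcp:25"),
        ("write", "/var/spool/mqueue/*"),
        ("write", "/var/spool/clientmqueue/*"),
        ("exec", LDA),                      # may start the LDA, nothing else
    ],
    "lda_d": [
        ("write", "/var/spool/mail/*"),     # only the LDA touches mailboxes
    ],
}

# (current domain, executed program) -> domain the child runs in
TRANSITIONS = {("sendmail_d", LDA): "lda_d"}


def allowed(domain, perm, target):
    """True if some rule for this domain grants perm on target."""
    return any(p == perm and fnmatch(target, pat)
               for p, pat in ALLOW.get(domain, []))


def replay(events, domain="sendmail_d"):
    """Evaluate a trace of (perm, target) events, following exec transitions."""
    results = []
    for perm, target in events:
        ok = allowed(domain, perm, target)
        results.append((domain, perm, target, "allow" if ok else "deny"))
        if ok and perm == "exec":
            domain = TRANSITIONS.get((domain, target), domain)
    return results


# Constructed trace: what a policy author might assume vs. what happens.
TRACE = [
    ("bind", "tcp:25"),
    ("write", "/var/spool/mqueue/qfABC123"),
    ("write", "/var/spool/mail/alice"),     # sendmail itself: denied
    ("exec", "/usr/X11R7/bin/xterm"),       # not an expected child: denied
    ("exec", LDA),                          # transition to lda_d
    ("write", "/var/spool/mail/alice"),     # now allowed, as the LDA
    ("write", "/var/spool/mqueue/qfABC123"),  # LDA has no queue access
]

if __name__ == "__main__":
    for row in replay(TRACE):
        print(*row)
```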