[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with scheduler on SCO

[ On Wed, April 12, 1995 at 05:18:35 (-0300), Carlos G. Mendioroz wrote: ]
> Subject: Re: Problems with scheduler on SCO
> I've been running Zmailer 2.x on SCO for some time now, by forking a new
> process every time a setuid is needed. Not very cool ;-) but not very 
> expensive if the system does a copy on write for the (child) process memory.
> It works. As far as I know, it's secure.
> Comments ?

Yes, this is the correct way to follow the UNIX security model.  Forking
isn't supposed to be expensive in UNIX, and indeed it's not on systems
with copy-on-write virtual memory implementations.

Of course an even safer way to follow the UNIX model is to write small,
carefully controlled, modules that can run setuid to root where
absolutely necessary, and to run the remaining blob of code at the level
of a normal user, preferably one with restricted access to the rest of
the system.

I'd be interested in receiving a copy of the patches you're using to
give zmailer this ability.

							Greg A. Woods

+1 416 443-1734			VE3TCP			robohack!woods
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>