Bugtraq mailing list archives
Re: Anonymous Qmail Denial of Service
From: nmm1 () CUS CAM AC UK (Nick Maclaren)
Date: Mon, 4 Jan 1999 17:46:53 +0100
Illuminatus Primus <vermont () GATE NET> writes:
> I think it is far easier to implement secure enforcement of policy when the privilege levels are more clearly separated than in setid. Sending the data through sockets is one way to accomplish this. Check out userv: http://www.chiark.greenend.org.uk/~ian/userv/ I'm sure implementing something similar that allows portable authentication of uids wouldn't be that hard - I can think of several schemes right now.
Yes, that is most people's experience on first thinking about the problem, but it becomes harder the deeper you look into it. One very nasty problem is the following: Server A has ownership X and is acting on behalf of user Y. Client B is owned by Y, but is actually a server acting on behalf of user Z, and then calls A. Should A regard its user as X, Y or Z?

This sort of thing can be resolved, but is pretty hard to do starting from an unsuitable system (like Unix or MVS). You need to build the concept of proxy authorities from the very start, and allow for an arbitrary level of nesting. And then you need to start thinking about remote processes, and whether the authentication of the remote system needs to be taken into account. Or things like shared memory servers, where a single transaction may have multiple originators (e.g. the sender and the receiver).

Regards,
Nick Maclaren,
University of Cambridge Computing Service,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Email: nmm1 () cam ac uk
Tel.: +44 1223 334761 Fax: +44 1223 334679
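The nesting problem in the reply above (A owned by X, serving Y, called by B which is owned by Y but serving Z) is easier to reason about when the request carries the whole delegation chain rather than a single uid. The following is an added example, not code from this thread, from userv or from any named system: it models hops as (runs-as, acting-for) pairs, checks each "acting for" claim against a registry of delegations, and then grants only the rights that every principal on the chain holds, so a deputy cannot reach more through its caller than it could alone and vice versa. The principals X, Y, Z, the rights table and the delegation registry are constructed sample data, and "intersection over the chain" is one illustrative policy choice; it does not address the remote-authentication or multi-originator cases also raised in the reply.

```python
"""Explicit proxy-authority chains with arbitrary nesting (added example).

A request carries every hop from the originator to the deciding server.
Each hop records the identity it runs as and the principal it claims to
act for.  The server verifies the claims against a delegation registry
and grants only what every principal on the chain may do itself.
All names, rights and delegations here are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Sequence, Set, Tuple

Right = Tuple[str, str]  # (object, operation)


@dataclass(frozen=True)
class Hop:
    runs_as: str     # owner of the process at this hop (X, Y, ... in the text)
    acting_for: str  # principal this hop claims to act on behalf of


# Constructed rights table: principal -> operations it may perform itself.
RIGHTS: Dict[str, Set[Right]] = {
    "Z": {("/home/z/notes", "read"), ("/home/z/notes", "write")},
    "Y": {("/home/z/notes", "read"), ("/home/y/secret", "read")},
    "X": {("/home/z/notes", "read"), ("/home/y/secret", "read"),
          ("/etc/shadow", "read")},
}

# Constructed delegation registry: (delegator, delegate) means a process
# owned by `delegate` is allowed to act on behalf of `delegator`.
DELEGATIONS: Set[Tuple[str, str]] = {("Z", "Y"), ("Y", "X")}


def chain_error(chain: Sequence[Hop]) -> Optional[str]:
    """Return why the chain is unacceptable, or None if it is well formed.

    Each hop acting for someone else must be a registered delegate of that
    principal, and hop i must be acting for the owner of hop i-1, so the
    chain actually links up.  Depth is unbounded; a single hop acting for
    itself is a direct, undelegated request.
    """
    if not chain:
        return "empty chain"
    for i, hop in enumerate(chain):
        if hop.acting_for != hop.runs_as and \
                (hop.acting_for, hop.runs_as) not in DELEGATIONS:
            return f"{hop.runs_as} is not a registered delegate of {hop.acting_for}"
        if i > 0 and hop.acting_for != chain[i - 1].runs_as:
            return (f"hop {i} ({hop.runs_as}) claims to act for {hop.acting_for} "
                    f"but was called by {chain[i - 1].runs_as}")
    return None


def effective_rights(chain: Sequence[Hop]) -> FrozenSet[Right]:
    """Rights the whole chain may exercise: the intersection of the rights
    of every principal appearing on it, whether as owner or as originator."""
    err = chain_error(chain)
    if err is not None:
        raise PermissionError(err)
    principals = {h.runs_as for h in chain} | {h.acting_for for h in chain}
    rights: Optional[Set[Right]] = None
    for p in principals:
        own = RIGHTS.get(p, set())
        rights = set(own) if rights is None else rights & own
    return frozenset(rights or set())


def authorize(chain: Sequence[Hop], obj: str, op: str) -> bool:
    """The decision the last hop (server A in the text) should make."""
    try:
        return (obj, op) in effective_rights(chain)
    except PermissionError:
        return False


if __name__ == "__main__":
    # The scenario from the reply: Z's own process, then B (owned by Y,
    # acting for Z), then A (owned by X, which sees only "Y" unless it
    # inspects the whole chain).
    chain = [Hop("Z", "Z"), Hop("Y", "Z"), Hop("X", "Y")]
    print("chain:", " -> ".join(f"{h.runs_as}(for {h.acting_for})" for h in chain))
    print("effective rights:", sorted(effective_rights(chain)))
    for obj, op in [("/home/z/notes", "read"), ("/home/z/notes", "write"),
                    ("/home/y/secret", "read"), ("/etc/shadow", "read")]:
        verdict = "allow" if authorize(chain, obj, op) else "deny"
        print(f"{op:5} {obj:15} -> {verdict}")
```

With the sample data the nested chain may only read /home/z/notes: Z cannot reach Y's secret through B, and neither Y nor Z can reach /etc/shadow through A even though A's owner X could. A chain whose "acting for" claim has no matching delegation, or whose hops do not link up, is rejected before any rights are computed.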