root on ports
bdumm at bobby.bcpub.com
Sat Feb 17 04:35:23 PST 2001
> Would you give me the exact difference between alfs_app and alfs.pm?
> (you don't mean frontend<->backend, do you?)
> Whatever, a chain is only as strong as its weakest part.
Ah, ok. We are not on the same page here. So maybe that is
why there is confusion. What has happened is we have split the
"backend" into three main pieces. This provides all kinds of
flexibility and puts functions like these security issues into a
certain piece. The three pieces are an alfs_app, ALFS.pm
and handlers. With ALFS.pm it is only providing framework
functionality between the alfs_app and the handlers. This is
things like autoloading, fixtext, messaging, and so on.

One of those features we need is the ability to become root
as certain handlers will demand it. Now I could make my
alfs_app just run as root, and sit it on the port. But I would
rather not do that if possible. I would rather run my alfs_app
with the user nobody or similar. Doing so will require some way
for the alfs_app to pass through ALFS.pm a root process. i.e.
the make_install handler is running, grabs $password from the
alfs_app and uses that to "become root" for that handler.

From my previous "purposed ideas" of what you could do to avoid
attacks, that has to do with alfs_app, not ALFS.pm or the handlers.
In your alfs_app you could use ssl, ssh, and even add in schemes
I mentioned, or other ones you know. You decide how paranoid
you are, and how important this data is, etc. If you want expert
techniques added to your alfs_app, these can be added. Just
like Net::SSL in perl easily allows SSL features, there is a ton
of other such things in perl to provide security.

BTW I appreciate your comments, as I agree that ALFS has
"High Security Installation" capabilities. Does the separation
make more sense? I wanted to keep the "encryption" of the
basic <passwd> element as simple as say crypt. If we make it
too specific we would eliminate frontends that could be made
or work within our framework? By leaving it simple, and letting
the ALFS designer make their alfs_app and frontend, then they
can provide whatever security is necessary.