root on ports

Bryan Dumm bdumm at bobby.bcpub.com
Sat Feb 17 04:35:23 PST 2001


> Would you give me the exact difference between alfs_app and alfs.pm?
> (you don't mean frontend<->backend, do you?)
> Whatever, a chain is only as strong as its weakest part.

Ah, ok. We are not on the same page here. So maybe that is 
why there is confusion. What has happened is we have split the 
"backend" into three main pieces. This provides all kinds of 
flexibility and puts functions like these security issues into a 
certain piece. The three pieces are an alfs_app, ALFS.pm
and handlers. With ALFS.pm it is only providing framework 
functionality between the alfs_app and the handlers. This is 
things like autoloading, fixtext, messaging, and so on.  

One of those features we need is the ability to become root 
as certain handlers will demand it. Now I could make my 
alfs_app just run as root, and sit it on the port. But I would 
rather not do that if possible. I would rather run my  alfs_app 
with the user nobody or similar. Doing so will require some way 
for the alfs_app to pass through ALFS.pm a root process. i.e. 
the make_install handler is running, grabs $password from the 
alfs_app and uses that to "become root" for that handler. 

From my previous "purposed ideas" of what you could do to avoid
attacks, that has to do with alfs_app, not ALFS.pm or the handlers.
In your alfs_app you could use ssl, ssh, and even add in schemes
I mentioned, or other ones you know. You decide how paranoid
you are, and how important this data is, etc. If you want expert 
techniques added to your alfs_app, these can be added. Just 
like Net::SSL in perl easily allows SSL features, there is a ton
of other such things in perl to provide security. 

BTW I appreciate your comments, as I agree that ALFS has 
"High Security Installation" capabilities. Does the separation
make more sense? I wanted to keep the "encryption" of the 
basic <passwd> element as simple as say crypt. If we make it
too specific we would eliminate frontends that could be made
or work within our framework? By leaving it simple, and letting
the ALFS designer make their alfs_app and frontend, then they
can provide whatever security is necessary. 

Bryan




