james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kenny Smith <jakarta-ja...@journalscape.com>
Subject Re: WORA Considered Evil ;-)
Date Fri, 27 Jun 2003 15:47:45 GMT
> Pier mentioned this point repeatedly, asserting that security can be 
> gained by running the various pieces of the MTA under different users' 
> privileges.  Since I also lack sysadmin experience, I wonder if someone 
> could tell me the motivation for this precaution. Historically, what 
> went wrong that caused sysadmins to prefer running separate pieces of an 
> MTA under separate users' privileges?

You are correct, it is a holdover from dealing with so many applications 
written in C. The paranoia comes from what's called a buffer overflow 
exploit. In C, if you write special data into memory that goes beyond 
the end of an allocated memory chunk, then the attacker can gain access 
to a shell prompt running as the owner of the process. This means, if 
you were running it as root, the attacker now has root access. However, 
if you segment the whole setup into multiple pieces with multiple users 
and one of the pieces suffers from a buffer overflow exploit, then the 
attacker only gains access to a very small piece of the system. It's all 
about minimizing the potential damage should a programming bug be found.

Java however doesn't suffer from this kind of attack because the JVM 
does bounds checking on your memory, so you can't overflow a buffer.

Kenny Smith

To unsubscribe, e-mail: james-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-dev-help@jakarta.apache.org

View raw message