I'd appreciate some pointers to documentation or minimal examples of
the 3-process privilege separation model for OpenBSD's daemons. Internet searches pointed to skeleton examples at github.com/krwesterback/newd and github.com/krwesterback/newdctl, but those repos are now dead and it's unclear how authoritative they were in the first place.
misopolemiac <[hidden email]> wrote:
> I'd appreciate some pointers to documentation or minimal examples of
> the 3-process privilege separation model for OpenBSD's daemons.
> Internet searches pointed to skeleton examples at
> github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
> those repos are now dead and it's unclear how authoritative they were
> in the first place.

This is not difficult: Use the repository. Go find a privsep daemon. Go look at the earliest revisions, when the problems were simple. Follow the commits forward. And learn.
In reply to this post by misopolemiac
On 23/03/2021 05:53, misopolemiac wrote:
> I'd appreciate some pointers to documentation or minimal examples of
> the 3-process privilege separation model for OpenBSD's daemons.
> Internet searches pointed to skeleton examples at
> github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
> those repos are now dead and it's unclear how authoritative they were
> in the first place.
>

Blind leading the blind here, but I think a good starting point would be recent presentations by Marc Espie, who, I believe but I might be wrong, is the developer who worked the most on privsep.

http://www.openbsd.org/events.html

--
Ottavio Caruso
On Tue, Mar 23, 2021 at 09:41:06AM +0000, Ottavio Caruso wrote:
> On 23/03/2021 05:53, misopolemiac wrote:
> > I'd appreciate some pointers to documentation or minimal examples of
> > the 3-process privilege separation model for OpenBSD's daemons.
> > Internet searches pointed to skeleton examples at
> > github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
> > those repos are now dead and it's unclear how authoritative they were
> > in the first place.
> >
>
> Blind leading the blind here, but I think a good starting point would be
> recent presentations by Marc Espie, who, I believe but I might be wrong, is
> the developer who worked the most on privsep.
>
> http://www.openbsd.org/events.html

Definitely not at all.

I haven't worked the most on privsep, by far.

And the examples I've worked on are highly specific and probably not applicable to most of the base code.
On 31/03/2021 04:46, Marc Espie wrote:
> On Tue, Mar 23, 2021 at 09:41:06AM +0000, Ottavio Caruso wrote:
>> On 23/03/2021 05:53, misopolemiac wrote:
>>> I'd appreciate some pointers to documentation or minimal examples of
>>> the 3-process privilege separation model for OpenBSD's daemons.
>>> Internet searches pointed to skeleton examples at
>>> github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
>>> those repos are now dead and it's unclear how authoritative they were
>>> in the first place.
>>>
>>
>> Blind leading the blind here, but I think a good starting point would be
>> recent presentations by Marc Espie, who, I believe but I might be wrong, is
>> the developer who worked the most on privsep.
>>
>> http://www.openbsd.org/events.html
>
> Definitely not at all.
>
> I haven't worked the most on privsep, by far.
>
> And the examples I've worked on are highly specific and probably
> not applicable to most of the base code.
>

I was wrong then. My apologies. Still, it's worth giving a look at the events page. I have learnt a lot about OpenBSD going through all presentations and papers, despite understanding only 0.1% of the technical details.

--
Ottavio Caruso
On Mar 31, 2021 3:02 AM, Ottavio Caruso <[hidden email]> wrote:
> On 31/03/2021 04:46, Marc Espie wrote:
> > On Tue, Mar 23, 2021 at 09:41:06AM +0000, Ottavio Caruso wrote:
> >> On 23/03/2021 05:53, misopolemiac wrote:
> >>> I'd appreciate some pointers to documentation or minimal examples of
> >>> the 3-process privilege separation model for OpenBSD's daemons.
> >>> Internet searches pointed to skeleton examples at
> >>> github.com/krwesterback/newd and github.com/krwesterback/newdctl, but
> >>> those repos are now dead and it's unclear how authoritative they were
> >>> in the first place.
> >>>
> >>
> >> Blind leading the blind here, but I think a good starting point would be
> >> recent presentations by Marc Espie, who, I believe but I might be wrong, is
> >> the developer who worked the most on privsep.
> >>
> >> http://www.openbsd.org/events.html
> >
> > Definitely not at all.
> >
> > I haven't worked the most on privsep, by far.
> >
> > And the examples I've worked on are highly specific and probably
> > not applicable to most of the base code.
> >
>
> I was wrong then. My apologies. Still, it's worth giving a look at the
> events page. I have learnt a lot about OpenBSD going through all
> presentations and papers, despite understanding only 0.1% of the
> technical details.
>
> --
> Ottavio Caruso

I often use the source for identd as a template. It's a fairly simple daemon. So it's easy to gut it and rework it to fit your needs.

Edgar