Dante: A Socks server and client implementation [LSARC/2008/632 timeout 10/22/2008]
Mayuresh Nirhali
Mayuresh.Nirhali at sun.com
Tue Oct 21 05:55:00 PDT 2008
Thanks, James, for your fast response; my comments are inline.
James Carlson wrote:
> Mayuresh Nirhali writes:
>
>> Does the project integrate any private non-public files into /etc/default
>> or /etc/ configuration files?
>> [X] Yes - ARC review required
>> [ ] No
>>
>
> I thought all of the project's configuration files were public, not
> private. I don't see any private files in /etc listed in the
> interface table.
>
> What private bits are shipped via /etc? (Note that "uncommitted" is a
> public stability level.)
>
>
The answer should be 'No', sorry.
The updated proposal is attached.
>> Are there any setuid/setgid privileged binaries in the project?
>> [X] Yes - ARC review required
>> [ ] No - continue with next section (section 3.4.3)
>>
>
> The previous response said that there weren't any setuid or setgid
> binaries. I'm confused.
>
> If you deliver RBAC bits (such as exec_attr) and/or an SMF manifest,
> then the binary itself often isn't setuid.
>
>
Sorry for the confusion here; the previous response was incorrect, as I
mentioned in my earlier mail.
Dante makes a lot of seteuid/geteuid calls.
My understanding is that calls to seteuid/geteuid allow all users
to run such a binary (of course, if the 's' bit is set), and we are using
roles (RBAC) to prevent non-privileged users from running the dante server. Using
roles (RBAC) here means that the seteuid/geteuid calls are really not
needed. Please correct me if I am wrong.
I have added some more comments in answer to that question in the proposal.
>> Are passwords stored within the file system for the component?
>> [ ] Yes
>> [X] No - continue to next section (section 3.4.6)
>>
>
> I thought it was possible to include user names and passwords in the
> configuration files, if you configure without PAM.
>
Dante checks for the SOCKS_USERNAME & SOCKS_PASSWORD variables in the
environment. It does not look at the config files. Am I missing anything
here?
Thanks
Mayuresh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dante-proposal_v3.txt
URL: <http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20081021/68b2f7ee/attachment.txt>