Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Packag


From: Sylvain LE GALL
Subject: Re: [Mldonkey-users] MLDonkey & Debian ( Trying to do an Official Package )
Date: Fri, 30 May 2003 01:20:18 +0200
User-agent: Mutt/1.5.4i

On Thu, May 29, 2003 at 07:39:51PM +0200, Simon Peter wrote:
> > As I said, every byte received from the network in mldonkey is
> > translated to a nice Ocaml structure. Ocaml does checks on all string
> > accesses, to avoid overflows. Of course, there are not many programs
> > in Ocaml, so some bugs are still there somewhere, but on the other
> > hand, the Ocaml runtime is pretty small, and it can easily be verified
> > that these checks are correctly done.
> 
> Did anyone do that until now? If not, we're back at #2.
> 
> I'm sure you do your best to code as correctly and safely as possible, and
> also the Ocaml developers hopefully did their best to make their
> compilers as safe as possible. But this doesn't do anything to the fact
> that all is developed by humans, and humans are fallible. So all
> software is inherently faulty (I bet you knew that already ;) ) and
> crackers use exactly that fact for their own good.
> 

I would just add: programs are also fallible, and can generate problems.

> 
> Well, with network daemons, he should always go for security first. But
> having it run chrooted with a Debian package is not the usual way
> either. This would rather fit as a special, security-enhanced package,
> but not in the base distribution. As Debian is not designed to have
> daemons running chrooted by default, this will lead to all kinds of
> problems. Chrooting in general can't be easily automated, since the
> installation scripts can't easily know about all files the
> sysadmin wants the chrooted program to see.
> 

I agree that it is not for the base installation. It will be a debconf
option. I think I need to look at bind, which needs to be chrooted.

> > don't like the mis-trust and the associated security campaigns of the
> > modern world, I prefer thinking that we are all friends (anyway, there
> 
> I'm still trying to believe in it, but the world showed me otherwise,
> unfortunately...
> 
> And chrooting is not only about being paranoid of crackers, it is also
> about being aware about logic (human) errors in the software. What if
> mldonkey decides to go bonkers and erase half of my HD? I just need to
> have it run as root for just the startup time to let it get some
> privileged ports and it could do that in no delay. Also when solely
> running as its own user, it could do at least some harm to other
> programs by deleting some files in certain world-writable directories
> (/tmp for example).
> 

I agree with your point; I don't like giving access to a program that has
write permission.

(Typo error: /tmp is set sticky, so only the creator of a file can erase
the file... by default in a Debian standard install.)

Regards
Sylvain LE GALL
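
The sticky-bit point at the end of the message can be checked on a real system. The following is an added example, not part of the original message or of any MLDonkey or Debian code: it models the unlink rule for a directory such as /tmp (on Linux the file owner, the directory owner and root may delete in a sticky directory) and reports world-writable directories that lack the sticky bit. The function names `may_unlink` and `unsafe_shared_dirs` are hypothetical, and the model assumes the caller already has write and search permission on the directory.

```python
import os
import stat
import sys


def may_unlink(dir_st, file_st, uid):
    """Simplified model of the sticky-bit rule for deleting an entry.

    Assumption: `uid` already has write+search permission on the
    directory (true for everyone in a mode-1777 /tmp). ACLs and
    capabilities other than "uid 0 is root" are ignored.
    """
    if uid == 0:
        return True
    if not dir_st.st_mode & stat.S_ISVTX:
        # No sticky bit: write permission on the directory is enough,
        # so any local user can delete any other user's file.
        return True
    # Sticky bit set: only the file's owner or the directory's owner.
    return uid in (file_st.st_uid, dir_st.st_uid)


def unsafe_shared_dirs(root):
    """Return directories under `root` that are world-writable but not sticky."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        try:
            mode = os.lstat(dirpath).st_mode
        except OSError:
            continue  # vanished or unreadable; skip it
        if (stat.S_ISDIR(mode)
                and mode & stat.S_IWOTH
                and not mode & stat.S_ISVTX):
            findings.append(dirpath)
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python3 sticky_audit.py /var   (defaults to /tmp)
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp"
    for path in unsafe_shared_dirs(target):
        print("world-writable without sticky bit:", path)
```

Any directory this reports is one where a daemon running as its own unprivileged user could still delete other users' files, which is the damage scenario raised in the quoted text.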
