On 20 Mar 2003, Timo Sirainen wrote:
> On Thu, 2003-03-20 at 21:05, Charlie Brady wrote:
> > Why do you care about long running login processes?
>
> That gives less amount of total running processes since you don't need extra one for handling SSL.

You need two processes per connection or you don't have adequate privilege separation. In my case, I have one acting either as a cleartext proxy or as an SSL wrapper, and the other does authentication and then execs the imap daemon. How would you avoid one

> It also does SSL initialization only once, instead of once per connection. Sure, this could also be done by separate long running SSL process.

Yes, it would be nice to do SSL initialization once, but I don't think the performance issue is enough to compromise the security and reliability of the system for.

> Anyway, I don't really care much about it since it pretty much means that exploiting it gives access to connections of all users.

So you don't want to have a long running login process after all?

> > The long running auth process problem can be solved by using a unix domain socket. This is how Bruce Guenter's mailfront works. The authenticator runs long term, and listens to a socket (unix domain preferred, but there are other options). The login process is run from tcpserver, and gathers information from the client, and then connects to the authenticator and verifies the information.
>
> So, is it really much different from my design then?

I don't know, but I'm trying to learn. You know your design and your code;
I'm just feeling my way around. Your documentation is good in parts, but
there are still big gaps. The installation documentation only covers
building - I have yet to find anything which tells me how to execute
dovecot (have I missed it?). I'm not sure which processes run when, and
exactly what communication occurs between them over what communication
channels.

> Sounds like the only difference is that it runs login code as root and exec()s imap binary after login, where my code sends it through master process which forks new imap process.

I don't know exactly what "sent it through master process" means.
I have a preference for running simple software which I already have reason to trust. This is why I want to use tcpserver, and why I have a leaning towards using mailfront and cvm. I know that stunnel isn't completely wonderful, but it is very widely used, and the chroot feature added by Scott Gifford fixes the principal weakness.
I am looking for a better IMAP daemon than I have at present, but I would prefer not to have a new system of authentication, and a new network connection monitor. There is a lot of new (to me) code in dovecot, but the only code of high value to me is the imap daemon itself.
I hope this explains my line of questioning to you a little.
-- Charlie
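
The split discussed in this message (a long-running authenticator listening on a unix domain socket, and a short-lived login process per connection that asks it to verify credentials) can be sketched as follows. This is an added example, not part of the original message and not code from mailfront, cvm or dovecot; the NUL-separated request format, the `OK uid home` reply, the function names and the account table are all assumptions made for illustration.

```python
import hmac, os, socket, threading

# Constructed account table: user -> (password, uid, home).
# A real authenticator would hold password hashes, not cleartext.
USERS = {"alice": ("correct horse", 1001, "/home/alice")}

def check(request: bytes) -> bytes:
    """Verify one 'user NUL password' request (constructed format, not CVM's)."""
    fields = request.split(b"\0")
    if len(fields) != 2:                      # extra NULs cannot smuggle fields
        return b"FAIL"
    entry = USERS.get(fields[0].decode("utf-8", "replace"))
    if entry and hmac.compare_digest(entry[0].encode(), fields[1]):
        return f"OK {entry[1]} {entry[2]}".encode()
    return b"FAIL"

def serve(listener: socket.socket) -> None:
    """Long-running authenticator loop: one short request per connection."""
    while True:
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(2)                # a stalled client cannot wedge the loop
            try:
                conn.sendall(check(conn.makefile("rb").read(512)))
            except OSError:
                continue

def start_authenticator(path: str) -> None:
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o077)                     # socket file reachable by owner only
    try:
        listener.bind(path)
    finally:
        os.umask(old)
    listener.listen(8)
    threading.Thread(target=serve, args=(listener,), daemon=True).start()

def login(path: str, user: str, password: str):
    """Per-connection login process: returns (uid, home) or None."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(user.encode() + b"\0" + password.encode())
        s.shutdown(socket.SHUT_WR)            # EOF marks the end of the request
        reply = s.makefile("rb").read(512).decode().split(" ", 2)
    if reply[0] != "OK":
        return None
    # Here the login process would setgid/setuid to this uid and exec the imap daemon.
    return int(reply[1]), reply[2]
```

The authenticator runs in a thread here only so the sketch is self-contained; in the arrangement described above it is a separate process, and the login side is started per connection by tcpserver.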