Deadwood beta on debian lenny
Sam Trenholme
strenholme.usenet at gmail.com
Sun Jul 25 05:34:20 EDT 2010
> Another question, is verbose_level no longer working?
It works but the messages various verbose levels show is completely
different from what MaraDNS does with verbose_level.
To see all DNS queries, one needs a query level of 100.
> reset_rem DwRecurse 1941 0
This is a debug message when tracking down a problem which I neglected
to remove from the beta-test release of Deadwood. The next release
will not have this spurious message.
> Another thing.
> When /etc/deadwood/ is owned by root (as you suggested), deadwood is not
> able to access dw_cache until you create it by hand and chown to the
> deadwood user manually.
I need to document this. Like I said, the code is done; there are a
lot of holes in the documentation.
> Wouldn't it be better to create a dw_cache(and
> chown/chgrp) by deadwood if none exists, before droping root?
I like to do as little as possible before dropping root; anything done
as root gives an attack complete control of the system should there
ever be a security problem in the code. Anything done as "nobody"
only gives an attacker very limited access to the system (being an
unprivileged user trapped in a chroot jail).
As an aside, I really ought to put Deadwood in a sandbox on Windows.
The reason I haven’t is plain simply because I’ve been programming for
Linux more than I’ve programmed for Windows, and haven’t taken the
time to learn how to sandbox things in Windows. As another example of
this, users currently have to make their own entropy source in
Windows, since I didn’t learn, until very recently, about Windows
version of /dev/random: CryptGenRandom().
Thanks a lot for your questions and feedback!
- Sam
More information about the list
mailing list