[cap-talk] Dan Bernstein's qmail security lessons paper
Sandro Magi
smagi at higherlogics.com
Sun Dec 16 19:07:35 EST 2007
James A. Donald wrote:
> But your company web server does need to be pretty much
> privileged to run your business, and if a guy from
> Nigeria gets control of it, the principle of least
> privilege does not help much.

As Sam noted, "the business" is rarely a single monolithic entity, but a
number of smaller processes which are composed to create a final product.
Similarly, "the web server" can be a number of different interacting
servers. Consider a coarse-grained split of resources amongst fairly
standard departments, such as accounting, logistics, sales, human
resources, and so on. Enforceable security property using such
coarse-grained divisions: an attack on your shipping system should not
impact payroll.

Finer-grained divisions can enforce even stronger security properties.

Sandro