Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-01-21 | remove proc_forward_imsg since it's unused | Omar Polo | |
2023-07-24 | reopen log files upon SIGUSR2 | Omar Polo | |
2023-06-11 | add a privsep crypto engine | Omar Polo | |
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way). | |||
2023-06-08 | rework the daemon to do fork+exec | Omar Polo | |
It uses the 'common' proc.c from various OpenBSD-daemons. gmid grew organically bit by bit and it was also the first place where I tried to implement privsep. It wasn't done very well, in fact the parent process (that retains root privileges) just fork()s a generation of servers, all sharing *exactly* the same address space. No good! Now, we fork() and re-exec() ourselves, so that each process has a fresh address space. Some features (require client ca for example) are temporarly disabled, will be fixed in subsequent commits. The "ge" program is also temporarly disabled as it needs tweaks to do privsep too. |