From owner-freebsd-security  Sun Dec 13 16:04:58 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA00688
          for freebsd-security-outgoing; Sun, 13 Dec 1998 16:04:58 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from sky.fit.qut.edu.au (sky.fit.qut.edu.au [131.181.2.4])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA00635
          for <freebsd-security@FreeBSD.ORG>; Sun, 13 Dec 1998 16:04:47 -0800 (PST)
          (envelope-from gaskell@fit.qut.edu.au)
Received: from sentry.isrc.qut.edu.au (qmailr@sentry.isrc.qut.edu.au [131.181.97.10])
	by sky.fit.qut.edu.au (8.8.8/8.8.8/tony) with SMTP id KAA17172
	for <freebsd-security@FreeBSD.ORG>; Mon, 14 Dec 1998 10:04:40 +1000 (EST)
Received: (qmail 29081 invoked from network); 14 Dec 1998 00:04:39 -0000
Received: from primrose.isrc.qut.edu.au (gaskell@131.181.6.10)
  by secure.isrc.qut.edu.au with SMTP; 14 Dec 1998 00:04:39 -0000
Date: Mon, 14 Dec 1998 10:04:38 +1000 (EST)
From: Gary Gaskell <gaskell@fit.qut.edu.au>
X-Sender: gaskell@primrose.isrc.qut.edu.au
To: Barrett Richardson <brich@aye.net>
cc: Mike Thompson <miket@dnai.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Securing FreeBSD Internet Servers
In-Reply-To: <Pine.BSF.3.96.981213125805.29068A-100000@phoenix.aye.net>
Message-ID: <Pine.GSO.3.95.981214095956.12024E-100000@primrose.isrc.qut.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 13 Dec 1998, Barrett Richardson wrote:

>an executable can be run (John Dyson's idea). This prevents
>users from running arbitrary executeables (actually I need
>to modify ld.so so that LD_LIBRARY_PATH is hardcoded before
>the idea is complete -- Joel Ray Holveck's idea). I had to write

I recall a previous project on Solaris where I used a flag to cc to tell
the LD_LIBRARY_PATH and LD_RUN_PATH to a hardcoded value.  I dunno if that
could work for you on FreeBSD.  My memory is a bit vague - sorry.

Cheers,
Gary


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message