From owner-freebsd-security  Fri Oct 18 19:36:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BC26B37B401
	for <security@FreeBSD.org>; Fri, 18 Oct 2002 19:36:31 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 09B1F43E9C
	for <security@FreeBSD.org>; Fri, 18 Oct 2002 19:36:31 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.4/8.12.4) with SMTP id g9J2ZxOo040447
	for <security@FreeBSD.org>; Fri, 18 Oct 2002 22:35:59 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Fri, 18 Oct 2002 22:35:59 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: security@FreeBSD.org
Subject: PRIVMAN -- library for privilege separation
Message-ID: <Pine.NEB.3.96L.1021018223010.18787C-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Network Associates Laboratories' CBOSS Project has funded a variety of new
things in FreeBSD 5.0 including UFS2, a lot of the TrustedBSD work, etc. 
That stuff already gets a fair amount of exposure on the FreeBSD side, so
I wanted to point people at another project under CBOSS, PRIVMAN.  PRIVMAN
is a library to make it easier for developers to create privilege
separated applications (similar to that used in Cyrus for password
checking, OpenSSH for privsep, or in some of the OWL daemons, etc).  It's
still under development, but we'd welcome any feedback you have to
privman@nailabs.com: 

   http://opensource.nailabs.com/privman/

We provide patches against the BSD FTPd, WU-FTPd, and thttpd to
demonstrate how the library can be used with existing applications to
improve their resistence to attacks.  Questions can be directed to Doug
Kilpatrick <dougk@tislabs.com> at NAI Labs.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message