From owner-freebsd-security@FreeBSD.ORG Mon Mar 2 04:52:38 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C312D10656BA for ; Mon, 2 Mar 2009 04:52:38 +0000 (UTC) (envelope-from erratic@devel.ws) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.238]) by mx1.freebsd.org (Postfix) with ESMTP id A738B8FC2A for ; Mon, 2 Mar 2009 04:52:38 +0000 (UTC) (envelope-from erratic@devel.ws) Received: by rv-out-0506.google.com with SMTP id f6so2342313rvb.43 for ; Sun, 01 Mar 2009 20:52:38 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.201.8 with SMTP id y8mr2713667rvf.126.1235967787015; Sun, 01 Mar 2009 20:23:07 -0800 (PST) Date: Sun, 1 Mar 2009 20:23:06 -0800 Message-ID: <5061b39c0903012023hf4a3ccbw886760bdd795f71c@mail.gmail.com> From: Paige Thompson To: freebsd-security@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Trusted Path Execution X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Mar 2009 04:52:39 -0000 I would like to know that there is or is not a way to prevent users from executing binaries that are not owned by root or that the user is in a particular group. Is this something I can achieve with TrustedBSD's MAC framework?