Date: Sat, 19 Feb 2000 23:46:34 -0800
From: Andre Gironda <andre@sun4c.net>
To: Tom Marchand <unixwiz@mediaone.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Controlled Network Access
Message-ID: <20000219234633.G3647@toaster.sun4c.net>
In-Reply-To: <200002200009.TAA24866@duval.se.mediaone.net>; from Tom Marchand on Sat, Feb 19, 2000 at 07:04:46PM -0500
References: <200002200009.TAA24866@duval.se.mediaone.net>

This was implemented on upt.org and similar source code was made available
in various issues of Phrack magazine (for, say, Linux and OpenBSD).

Access control at the socket layer is a great idea and when combined with
techniques like TPE (trusted path execution) and access control or
monitoring of system calls, and finally sandbox (i.e. chrooted)
environments, one can create a very secure userland environment.

dre

--
This program has been brought to you by the language C and the number F.

On Sat, Feb 19, 2000 at 07:04:46PM -0500, Tom Marchand wrote:
> I would like to control which users can access tcpip utilities (ftp, telnet,
> etc) by using groups. I realize that this can be accomplished via the
> proper file permissions on each utility. This works but it will not prevent
> somebody from compiling their own ftp, telnet etc. My thought was to
> perform the authorization at the socket level. This would entail
> modification of the kernel to only allow root or a member of the tcpip group
> to open a socket. Does anybody know if this has been done or if it would
> even work? I originally had this requirement at work to lock down external
> vendors. Since we are an AIX shop it was quite easy. On AIX you must be a
> member of the system group to access network utilities.
>
> --
> Think Different!
> Think Apple!!
> (YES I DO use macs on the desktop and FreeBSD on the servers!)
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
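
The socket-layer check proposed in this thread, modelled in user space as an added example (not code from the thread, upt.org or Phrack): a network socket is created only for root or a member of a `tcpip` group, whatever binary makes the call. The gid 2000, the `cred_model` struct, the function names and the choice to gate only AF_INET/AF_INET6 are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>

#define TCPIP_GID ((gid_t)2000)  /* assumed gid of the "tcpip" group */

/* Hypothetical stand-in for the credentials a kernel keeps per process. */
struct cred_model {
    uid_t euid;           /* effective uid */
    gid_t egid;           /* effective gid */
    const gid_t *groups;  /* supplementary groups */
    size_t ngroups;
};

/* True if gid is the effective gid or one of the supplementary groups. */
static int in_group(const struct cred_model *c, gid_t gid)
{
    size_t i;
    if (c->egid == gid)
        return 1;
    for (i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Returns 0 if socket creation is allowed, EACCES if the policy denies it.
 * The decision uses credentials only, so a self-compiled ftp or telnet
 * client is treated exactly like the system binary. */
int socket_create_allowed(const struct cred_model *c, int domain)
{
    /* Assumption: only IP families are gated; AF_UNIX stays open so
     * local IPC (e.g. logging to syslogd) keeps working. */
    if (domain != AF_INET && domain != AF_INET6)
        return 0;
    if (c->euid == 0)  /* root is always allowed */
        return 0;
    return in_group(c, TCPIP_GID) ? 0 : EACCES;
}

/* Constructed sample credentials. */
static const gid_t staff_groups[]  = { 100, 2000 };
static const gid_t vendor_groups[] = { 100, 3000 };
const struct cred_model root_cred   = { 0, 0, NULL, 0 };
const struct cred_model staff_cred  = { 1001, 100, staff_groups, 2 };
const struct cred_model vendor_cred = { 1002, 100, vendor_groups, 2 };

int main(void)
{
    printf("vendor AF_INET -> %d\n", socket_create_allowed(&vendor_cred, AF_INET));
    printf("staff  AF_INET -> %d\n", socket_create_allowed(&staff_cred, AF_INET));
    return 0;
}
```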