Date: Sun, 15 Sep 2002 12:58:15 +0200 From: Pawel Jakub Dawidek <nick@garage.freebsd.pl> To: freebsd-hackers@freebsd.org Subject: Re: Changing process informations. Message-ID: <20020915105815.GT68652@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help
--+nLR7g8KNfrRqv5t Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 14, 2002 at 11:05:11PM -0600, M. Warner Losh wrote: +> In message: <20020915030157.GP68652@garage.freebsd.pl> +> Pawel Jakub Dawidek <nick@garage.freebsd.pl> writes: +> : Hello hackers... +> :=20 +> : When I want change process real or effective uid in kld module +> : I got functions change_ruid() and change_euid(). +> : I need change many others informations about process. +>=20 +> Why do you want to cahnge the process real or effective id from a kld +> module? That seems to me to be violating the normal policy +> proceedures that the kernel should be enforcing. This is for security reasons:) I'm writing module that will be complete security solution. Where You could define policies per process. Old version of this stuff works like systrace, new one is much more functional and You can specify capabilities per process. Here You got some example configuration files: http://garage.freebsd.pl/cerb-ng/start.cb http://garage.freebsd.pl/cerb-ng/ping.cb http://garage.freebsd.pl/cerb-ng/passwd.cb http://garage.freebsd.pl/cerb-ng/openssh.cb http://garage.freebsd.pl/cerb-ng/end.cb Most of code is done already, but I have to be sure that I don't do any ugly/evil things that's why I'm asking. Any comments/ideas/solutions are welcome. --=20 Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. --+nLR7g8KNfrRqv5t Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPYRnxz/PhmMH/Mf1AQFZfAQAkvpPh+REFEWxRVQSau2aILVL8VTf2xcD x68iAJvQFtG8Ie+aivpjXvYbf6EpO23+BcMG+P/gyVgGXSaRbDXE4EQGFsOLp6ik mp81dcPZVAiJ2cF9BdBz20uu26TotleeSA1m4ENPzTQovQx25QW0LLSgEudR9FyF hHsn7ypZU6c= =nvnX -----END PGP SIGNATURE----- --+nLR7g8KNfrRqv5t-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020915105815.GT68652>