Date: Sun, 15 Sep 2002 12:58:15 +0200
From: Pawel Jakub Dawidek
To: freebsd-hackers@freebsd.org
Subject: Re: Changing process informations.
Message-ID: <20020915105815.GT68652@garage.freebsd.pl>

On Sat, Sep 14, 2002 at 11:05:11PM -0600, M. Warner Losh wrote:
+> In message: <20020915030157.GP68652@garage.freebsd.pl>
+>             Pawel Jakub Dawidek writes:
+> : Hello hackers...
+> :
+> : When I want to change a process's real or effective uid in a kld module
+> : I've got the functions change_ruid() and change_euid().
+> : I need to change many other pieces of information about a process.
+>
+> Why do you want to change the process real or effective id from a kld
+> module?  That seems to me to be violating the normal policy
+> procedures that the kernel should be enforcing.

This is for security reasons :)
I'm writing a module that will be a complete security solution.
Where you could define policies per process.
The old version of this stuff works like systrace; the new one is much more
functional and you can specify capabilities per process.

Here are some example configuration files:

http://garage.freebsd.pl/cerb-ng/start.cb
http://garage.freebsd.pl/cerb-ng/ping.cb
http://garage.freebsd.pl/cerb-ng/passwd.cb
http://garage.freebsd.pl/cerb-ng/openssh.cb
http://garage.freebsd.pl/cerb-ng/end.cb

Most of the code is done already, but I have to be sure that I don't do
any ugly/evil things; that's why I'm asking.

Any comments/ideas/solutions are welcome.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.