Date:      Thu, 21 Aug 2003 01:58:54 -0500
From:      Dan Nelson <dnelson@allantgroup.com>
To:        ari <edelkind-freebsd-hackers@episec.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: [future patch] dropping user privileges on demand
Message-ID:  <20030821065854.GA11586@dan.emsphone.com>
In-Reply-To: <20030817181315.GL55671@episec.com>
References:  <20030817181315.GL55671@episec.com>

In the last episode (Aug 17), ari said:
> Currently, root is the only user that can actually drop significant
> privileges, as root is the only user that has access to such
> functions. This is flawed --- any user should be able to relinquish
> his privileges, and I've begun a patch to put this into effect.

Have you taken a look at Cerb?  http://cerber.sourceforge.net/

It does something similar, but uses a C-like language to control a
process's actions.  This lets you get extremely fine-grained control
(allow httpd to bind to only port 80, once), but the rules run as
"root", so they can grant as well as revoke privileges.  A useful
modification would be to allow users to submit their own policies that
can only disallow actions (i.e. all arguments and process variables are
read-only, and the script can either pass the syscall through or return
a failure code, nothing else).

-- 
	Dan Nelson
	dnelson@allantgroup.com
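
Added example, not part of the original message and not Cerb or FreeBSD code: a small C model of the deny-only user policy suggested above, where a policy sees the request read-only and can only pass it through or return a failure code. The request struct, `dispatch`, `base_check` and the sample policies are hypothetical names, and the port-1024 rule stands in for the system's normal checks.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical request model; these are not Cerb's or FreeBSD's types. */
enum sc_nr { SC_BIND, SC_OPEN };
struct sc_req { enum sc_nr nr; long arg; unsigned uid; };

#define POLICY_PASS 0  /* hand the call on unchanged */

/* A user policy gets a const view of the request and returns POLICY_PASS
 * or a positive errno. It has no channel for rewriting arguments. */
typedef int (*user_policy)(const struct sc_req *);

/* Stand-in for the normal permission check (constructed rule: only
 * uid 0 may bind a port below 1024). */
static int base_check(const struct sc_req *r)
{
    if (r->nr == SC_BIND && r->arg < 1024 && r->uid != 0)
        return EACCES;
    return 0;
}

/* Policies run first; the base check always runs afterwards, so a
 * policy can add denials but can never skip or override it. */
int dispatch(const struct sc_req *r, const user_policy *pol, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int rc = pol[i](r);
        if (rc != POLICY_PASS)           /* anything else is a denial; */
            return rc > 0 ? rc : EPERM;  /* invalid codes fail closed  */
    }
    return base_check(r);
}

/* Constructed sample policies. */
int deny_bind(const struct sc_req *r) { return r->nr == SC_BIND ? EPERM : POLICY_PASS; }
int bogus_allow(const struct sc_req *r) { (void)r; return -1; } /* tries to "grant" */

int main(void)
{
    struct sc_req user80 = { SC_BIND, 80, 1000 }, root80 = { SC_BIND, 80, 0 };
    user_policy deny[] = { deny_bind }, bogus[] = { bogus_allow };
    printf("user, no policy:   %d\n", dispatch(&user80, NULL, 0));
    printf("user, bogus allow: %d\n", dispatch(&user80, bogus, 1));
    printf("root, deny_bind:   %d\n", dispatch(&root80, deny, 1));
    return 0;
}
```

Because the only outcomes a policy can produce are "pass" and "fail", adding a policy can turn an allowed call into a denied one but never the reverse.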


