From owner-freebsd-hackers@FreeBSD.ORG Thu Aug 21 09:22:59 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 33CF016A504 for ; Thu, 21 Aug 2003 09:22:57 -0700 (PDT) Received: from milla.ask33.net (milla.ask33.net [217.197.166.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 71E0E43FA3 for ; Thu, 21 Aug 2003 09:22:56 -0700 (PDT) (envelope-from nick@milla.ask33.net) Received: by milla.ask33.net (Postfix, from userid 1001) id 2D6443ABB3F; Thu, 21 Aug 2003 18:23:46 +0200 (CEST) Date: Thu, 21 Aug 2003 18:23:46 +0200 From: Pawel Jakub Dawidek To: Dan Nelson Message-ID: <20030821162346.GM47959@garage.freebsd.pl> References: <20030817181315.GL55671@episec.com> <20030821065854.GA11586@dan.emsphone.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="lbQeYSs6J2ITmUo7" Content-Disposition: inline In-Reply-To: <20030821065854.GA11586@dan.emsphone.com> X-PGP-Key-URL: http://garage.freebsd.pl/jules.asc X-OS: FreeBSD 4.8-RELEASE-p3 i386 X-URL: http://garage.freebsd.pl User-Agent: Mutt/1.5.1i cc: freebsd-hackers@freebsd.org cc: ari Subject: Re: [future patch] dropping user privileges on demand X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Aug 2003 16:22:59 -0000 --lbQeYSs6J2ITmUo7 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 21, 2003 at 01:58:54AM -0500, Dan Nelson wrote: +> Have you taken a look at Cerb? http://cerber.sourceforge.net/ +>=20 +> It does something similar, but uses a C-like language to control a +> processes actions. This lets you get extremely fine-grained control +> (allow httpd to bind to only port 80, once), but the rules run as +> "root", so they can grant as well as revoke privileges. A useful +> modification would be to allow users to submit their own policies that +> can only disallow actions (i.e. all arguments and process variables are +> read-only, and the script can either pass the syscall through or return +> a failure code, nothing else). I'm planing to do so in next CerbNG version, as well as allow jailed-roots to load rules that affects only jailed-processes. --=20 Pawel Jakub Dawidek pawel@dawidek.net UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net --lbQeYSs6J2ITmUo7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBP0TyEj/PhmMH/Mf1AQFJ8QP+PgB+3wyUKyJjQ5jJRjYVz1/+/HiUyjA+ i98+zvfIQU9Vt5VP72T3gbe9Sqku2vMdTJIc4ejDGHuz5yjZTSDt5GGU12oytDO0 Ebm4+1y+UJ02gfC96JYo0YWuIocpd6D6UrTI3173EKTi4i5yV+/NfXtJuEvnFSjZ Bc3rP8Yag1I= =8QZf -----END PGP SIGNATURE----- --lbQeYSs6J2ITmUo7--