Date: Fri, 14 Aug 1998 00:04:29 -0400 (EDT)
From: Joe Orthoefer <orthoefe@gte.net>
To: Philippe Regnauld <regnauld@deepo.prosa.dk>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.UK>
Message-ID: <Pine.BSF.3.96.980813234929.368A-100000@localhost>
In-Reply-To: <19980814123240.63855@deepo.prosa.dk>

Secure Computing's Sidewinder firewall (built on top of BSDI 2.2) has something similar: they added an additional credential field (as near as I can tell) to processes in order to create role accounts in addition to the normal unix'y thing of user IDs and group IDs. You log in as a user, under a certain role (web, mail, ftp, ...), or you start up daemons at boot (before going multiuser) running under certain roles. The entries to the system calls check to see if the role a process is running as has access to any particular system call.

The set of ACLs is compiled into the kernel, with no way to easily change those ACLs once the machine is booted; to do major administration you boot into a different kernel with a lax set of ACLs and no network support.

There used to be some white papers at TIS' old site that described similar modifications that they came up with in association with their "Trusted Mach" research.

Joe Orthoefer

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
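
The design described in the message above, modelled in user space as an added example (not part of the original e-mail and not Sidewinder code): a per-process role credential checked at system call entry against ACL tables fixed at compile time, one for the operational kernel and one for the administrative kernel. Every name, the call list and the ACL contents are hypothetical, and checking the role independently of uid/gid is an assumption of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical roles and system call numbers for this model. */
enum role  { ROLE_WEB, ROLE_MAIL, ROLE_FTP, ROLE_ADMIN, ROLE_COUNT };
enum sysno { SC_READ, SC_WRITE, SC_OPEN, SC_SOCKET, SC_BIND, SC_EXEC,
             SC_MOUNT, SC_COUNT };

#define BIT(n)    (UINT32_C(1) << (n))
#define ALL_CALLS (BIT(SC_COUNT) - 1)
#define NET_CALLS (BIT(SC_SOCKET) | BIT(SC_BIND))

struct proc {
    unsigned uid, gid;  /* the usual Unix credentials */
    enum role role;     /* extra credential, set at login or at boot */
};

/* Operational kernel: const tables, so nothing can edit them after boot.
 * No service role may exec or mount (constructed ACL contents). */
static const uint32_t acl_operational[ROLE_COUNT] = {
    [ROLE_WEB]   = BIT(SC_READ) | BIT(SC_OPEN) | NET_CALLS,
    [ROLE_MAIL]  = BIT(SC_READ) | BIT(SC_WRITE) | BIT(SC_OPEN) | BIT(SC_SOCKET),
    [ROLE_FTP]   = BIT(SC_READ) | BIT(SC_WRITE) | BIT(SC_OPEN) | NET_CALLS,
    [ROLE_ADMIN] = BIT(SC_READ) | BIT(SC_OPEN),
};

/* Administrative kernel: lax ACL for the admin role, no network support. */
static const uint32_t acl_administrative[ROLE_COUNT] = {
    [ROLE_ADMIN] = ALL_CALLS & ~NET_CALLS,
};

/* Check made on entry to a system call: 0 to proceed, -EPERM to refuse.
 * Only the role is consulted here, so uid 0 alone grants nothing
 * (an assumption of this model). Unknown roles and calls are denied. */
static int syscall_enter(const uint32_t acl[ROLE_COUNT],
                         const struct proc *p, enum sysno nr)
{
    if (p == NULL || (unsigned)p->role >= ROLE_COUNT ||
        (unsigned)nr >= SC_COUNT)
        return -EPERM;
    return (acl[p->role] & BIT(nr)) ? 0 : -EPERM;
}

/* Constructed case: web daemon running as uid 0, the situation in which
 * injected shell code would try to exec a shell. */
static int web_daemon_exec_attempt(void)
{
    struct proc httpd = { .uid = 0, .gid = 0, .role = ROLE_WEB };
    return syscall_enter(acl_operational, &httpd, SC_EXEC);
}
```
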
