From owner-freebsd-security Fri Aug 14 10:00:34 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA26948 for freebsd-security-outgoing; Fri, 14 Aug 1998 10:00:34 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from smtp1.mailsrvcs.net (smtp1.gte.net [207.115.153.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA26942 for ; Fri, 14 Aug 1998 10:00:33 -0700 (PDT) (envelope-from orthoefe@gte.net)
Received: from localhost (cracktown.com [208.226.218.140]) by smtp1.mailsrvcs.net with SMTP id LAA16029; Fri, 14 Aug 1998 11:59:30 -0500 (CDT)
Date: Fri, 14 Aug 1998 00:04:29 -0400 (EDT)
From: Joe Orthoefer
X-Sender: orthoefe@localhost
To: Philippe Regnauld
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: "Using capabilties aaginst shell code"
In-Reply-To: <19980814123240.63855@deepo.prosa.dk>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Secure Computing's Sidewinder firewall (built on top of BSDI 2.2) has something similar: they added an additional credential field (as near as I can tell) to processes in order to create role accounts in addition to the normal unix'y thing of user ids and group ids. You log in as a user, under a certain role (web, mail, ftp,...), or you start up daemons at boot (before going multiuser) running under certain roles. The entries to the system calls check to see if the role a process is running as has access to any particular system call. The set of ACLs is compiled into the kernel, with no way to easily change those ACLs once the machine is booted; to do major administration you boot into a different kernel with a lax set of ACLs and no network support.

There used to be some white papers at TIS' old site that described similar modifications that they came up with in association with their "Trusted Mach" research.

Joe Orthoefer
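
The role check described in the message above can be modeled in user space. This is an added example, not part of the original post and not Sidewinder's code; the role names, syscall ids, table contents and the `ADMIN_KERNEL` build flag are all hypothetical, and the model assumes the role check does not consult the uid.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical roles and syscall ids for this model; not Sidewinder's own. */
enum role { ROLE_WEB, ROLE_MAIL, ROLE_FTP, ROLE_COUNT };
enum sc   { SC_READ, SC_WRITE, SC_SOCKET, SC_BIND, SC_EXECVE, SC_MOUNT, SC_COUNT };
#define BIT(n) (UINT32_C(1) << (n))

/* Credential: the usual uid/gid plus the extra role field. */
struct cred { unsigned uid, gid; enum role role; };

/* The ACL is a const table fixed at build time; no code path modifies it
 * after boot. Building with -DADMIN_KERNEL models the separate maintenance
 * kernel with lax ACLs (and, in this model, no network calls). */
#ifdef ADMIN_KERNEL
#define LAX (BIT(SC_READ) | BIT(SC_WRITE) | BIT(SC_EXECVE) | BIT(SC_MOUNT))
static const uint32_t role_acl[ROLE_COUNT] = { LAX, LAX, LAX };
#else
static const uint32_t role_acl[ROLE_COUNT] = {
    [ROLE_WEB]  = BIT(SC_READ) | BIT(SC_WRITE) | BIT(SC_SOCKET) | BIT(SC_BIND),
    [ROLE_MAIL] = BIT(SC_READ) | BIT(SC_WRITE) | BIT(SC_SOCKET),
    [ROLE_FTP]  = BIT(SC_READ) | BIT(SC_WRITE) | BIT(SC_SOCKET) | BIT(SC_BIND),
};
#endif

/* Check made at syscall entry. Returns 0 if allowed, -EPERM if the role's
 * ACL lacks the call, -ENOSYS for an unknown call. Assumption of this model:
 * uid is not consulted here, so uid 0 gains nothing at this layer. */
int syscall_permitted(const struct cred *c, int sc)
{
    if (sc < 0 || sc >= SC_COUNT)
        return -ENOSYS;
    if (c == NULL || (unsigned)c->role >= ROLE_COUNT)
        return -EPERM;              /* fail closed on a bad credential */
    return (role_acl[c->role] & BIT(sc)) ? 0 : -EPERM;
}

int main(void)
{
    static const char *names[SC_COUNT] =
        { "read", "write", "socket", "bind", "execve", "mount" };
    struct cred httpd = { 0, 0, ROLE_WEB };  /* constructed: root-owned web daemon */
    for (int sc = 0; sc < SC_COUNT; sc++)
        printf("web role, uid 0: %-6s -> %s\n", names[sc],
               syscall_permitted(&httpd, sc) == 0 ? "allowed" : "EPERM");
    return 0;
}
```

In the default build a web-role process is refused `execve` and `mount` even at uid 0, which is the property that matters for the shell code case named in the thread subject.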