From owner-freebsd-security Fri Aug 14 15:18:29 1998
Return-Path: 
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA26863 for freebsd-security-outgoing; Fri, 14 Aug 1998 15:18:29 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from indigo.ie (ts02-002.dublin.indigo.ie [194.125.134.132]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA26782 for ; Fri, 14 Aug 1998 15:18:12 -0700 (PDT) (envelope-from rotel@indigo.ie)
Received: (from nsmart@localhost) by indigo.ie (8.8.8/8.8.7) id XAA01134; Fri, 14 Aug 1998 23:12:12 +0100 (IST) (envelope-from rotel@indigo.ie)
From: Niall Smart 
Message-Id: <199808142212.XAA01134@indigo.ie>
Date: Fri, 14 Aug 1998 23:12:12 +0000
In-Reply-To: <19980814123240.63855@deepo.prosa.dk>; Philippe Regnauld 
Reply-To: rotel@indigo.ie
X-Files: The truth is out there
X-Mailer: Mail User's Shell (7.2.6 beta(3) 11/17/96)
To: Philippe Regnauld , freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: "Using capabilties aaginst shell code"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Aug 14, 12:32pm, Philippe Regnauld wrote:
} Subject: Fwd: "Using capabilties aaginst shell code"
> (see message below)
>
> Is this any form of restriction that can be implemented
> in *BSD systems ? I.e.: restricting system calls to
> certain classes of daemons ?

I think Thomas Ptacek did something like this.

As for the example mentioned (no execve for imapd), I'm not sure it's at all useful. You'll have to have really fine-grained control over which syscalls with which parameters are accessible. Just because someone can't execve doesn't mean they can't add an entry to /etc/passwd or modify root's or the sysadmin's .login etc.

I think that a better solution is either an aclfs or a daemon which will accept requests from other processes for file descriptors/sockets etc., meaning that the imapd could run as nobody. Even better is to additionally make chroot secure and put it in there.
Niall
-- 
Niall Smart, rotel@indigo.ie.
Amaze your friends and annoy your enemies: echo '#define if(x) if (!(x))' >> /usr/include/stdio.h

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
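The "daemon which will accept requests from other processes for file descriptors" idea from the message above, as an added example that is not code from the original post or from any FreeBSD project: a privileged broker opens mailboxes under a spool directory and hands the open descriptor to an unprivileged worker over a Unix-domain socket with SCM_RIGHTS. The worker never needs the right to open(2) paths itself, so it can run as nobody (and, in a real deployment, chrooted); the access policy lives entirely in the broker, which is why a path-traversal request is refused rather than opened. Both halves run in one process here so the exchange is easy to follow; the broker/worker names, the one-byte request tags and the sample mailbox text are all hypothetical.

```c
/* Added example (not from the original mail): descriptor broker over SCM_RIGHTS.
 * Broker and worker are simulated in one process; in practice they are separate
 * processes with different uids. All names and the request format are hypothetical. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Constructed sample mailbox contents used by the demo. */
static const char MAILBOX_TEXT[] = "From bob@example.org\nSubject: hi\n\nhello\n";

/* Send one open descriptor plus a one-byte tag 'F' over a Unix socket. */
static int send_fd(int sock, int fd) {
    char tag = 'F';
    struct iovec iov = { .iov_base = &tag, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor; -1 if the broker answered with a refusal byte or on error. */
static int recv_fd(int sock) {
    char tag;
    struct iovec iov = { .iov_base = &tag, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    if (recvmsg(sock, &msg, 0) != 1 || tag != 'F') return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c == NULL || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Broker policy: a mailbox name is a bare user name; no path separators, no dotfiles. */
static int broker_open_mailbox(const char *spool, const char *user) {
    if (user[0] == '\0' || user[0] == '.' || strchr(user, '/') != NULL) return -1;
    char path[512];
    if (snprintf(path, sizeof path, "%s/%s", spool, user) >= (int)sizeof path) return -1;
    return open(path, O_RDONLY | O_NOFOLLOW);
}

/* Broker: read one request, apply policy, reply with a descriptor or the refusal byte 'N'. */
static int broker_serve_one(int sock, const char *spool) {
    char req[128];
    ssize_t n = read(sock, req, sizeof req - 1);
    if (n <= 0) return -1;
    req[n] = '\0';
    int fd = broker_open_mailbox(spool, req);
    if (fd < 0) {
        char refuse = 'N';
        return write(sock, &refuse, 1) == 1 ? 0 : -1;
    }
    int rc = send_fd(sock, fd);
    close(fd); /* the worker now holds its own copy of the open file */
    return rc;
}

/* One worker request through the broker: bytes read from the mailbox, or -1 if refused. */
ssize_t run_demo(const char *user, char *out, size_t outlen) {
    char spool[] = "/tmp/spoolXXXXXX";
    if (mkdtemp(spool) == NULL) return -1;
    char path[512];
    snprintf(path, sizeof path, "%s/alice", spool);
    int mb = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (mb < 0) { rmdir(spool); return -1; }
    if (write(mb, MAILBOX_TEXT, strlen(MAILBOX_TEXT)) < 0) { /* ignored in the demo */ }
    close(mb);
    int pair[2];
    ssize_t result = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == 0) {
        if (write(pair[0], user, strlen(user)) == (ssize_t)strlen(user) /* worker asks */
            && broker_serve_one(pair[1], spool) == 0) {                 /* broker decides */
            int fd = recv_fd(pair[0]);                                  /* worker receives */
            if (fd >= 0) {
                result = read(fd, out, outlen - 1);
                if (result >= 0) out[result] = '\0';
                close(fd);
            }
        }
        close(pair[0]);
        close(pair[1]);
    }
    unlink(path);
    rmdir(spool);
    return result;
}

/* Did the worker get the exact sample mailbox back?  Is traversal refused? */
int demo_alice_matches(void) {
    char buf[256];
    ssize_t n = run_demo("alice", buf, sizeof buf);
    return n == (ssize_t)strlen(MAILBOX_TEXT) && strcmp(buf, MAILBOX_TEXT) == 0;
}
ssize_t demo_traversal(void) { char buf[256]; return run_demo("../etc/passwd", buf, sizeof buf); }

int main(void) {
    printf("alice ok: %d, traversal: %zd\n", demo_alice_matches(), demo_traversal());
    return 0;
}
```

The point of the split is that the worker's attack surface shrinks to "ask for a name and read what comes back": even if it is compromised, it cannot write /etc/passwd or a .login file because it never holds a writable descriptor and has no authority to open one, which is exactly the gap a bare "no execve" filter leaves open. The mailbox is opened with O_NOFOLLOW so a symlink planted in the spool directory cannot redirect the broker to a file outside it.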