From: Didier Derny
To: hackers@freebsd.org
Date: Fri, 12 Nov 1999 16:18:50 +0000 (GMT)
Subject: "bsd emulation" (controle of cgi execution)

hi,

I would like to control the execution of the cgi on my machine (especially the path used by the scripts). Each client has a unique group id / user id.

The binaries I want to control are either some standard FreeBSD in a chrooted environment or the cgi scripts launched by suexec (largely customized version of apache suexec).

For example: I have /home/user1 and /home/user2. With chroot the users are only able to see (from the cgi) /user1 and /user2, but I would like to make /user1 hidden from /user2 (and the same for the reverse case), without having to make a separate chrooted environment for each user.

One idea would be to write a "bsd emulator" based on the linux emulator to trap the system calls inside the emulator. Nothing would be done by this "emulator" except controlling the paths.

The other idea would be to modify the bsd to intercept the system calls for the processes with a specific flag? (to avoid slowing down standard applications)

and a system call could be: processed normally (read, write...), treated as errors (mount...) or intercepted to control the path (a kind of suexecd)

--
Didier Derny
didier@omnix.net
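
The three-way handling of system calls proposed in the message (process normally, treat as an error, or check the path) can be modelled in user space as below. This is an added example, not code from the original post or from FreeBSD: the function names, the syscall lists and the use of /user1 and /user2 as per-client subtrees (given without a trailing slash) are assumptions, and the path check is purely lexical.

```c
#include <string.h>

enum verdict { PASS, DENY, CHECK_PATH };

static int in_list(const char *s, const char *const *l) {
    for (; *l; l++) if (strcmp(s, *l) == 0) return 1;
    return 0;
}
/* Constructed policy: unknown calls (mount, chroot, ...) fail by default. */
static enum verdict classify(const char *sc) {
    static const char *const pass[] = {"read", "write", "close", NULL};
    static const char *const path[] = {"open", "stat", "unlink", "execve", NULL};
    if (in_list(sc, pass)) return PASS;
    if (in_list(sc, path)) return CHECK_PATH;
    return DENY;
}
/* Lexically collapse "//", "." and ".." in an absolute path. Symlinks are not
   resolved; a kernel check would compare the resolved vnode instead. */
static int normalize(const char *in, char *out, size_t cap) {
    size_t len = 0;
    if (in[0] != '/') return -1;   /* relative paths are rejected here */
    while (*in) {
        while (*in == '/') in++;
        size_t n = strcspn(in, "/");
        if (n == 0) break;
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 0 && out[--len] != '/') { }   /* drop last component */
        } else if (!(n == 1 && in[0] == '.')) {
            if (len + n + 2 > cap) return -1;
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return 0;
}
/* 1 = let the call through, 0 = fail it. home is the client's subtree. */
int cgi_syscall_allowed(const char *sc, const char *path, const char *home) {
    char buf[1024];
    size_t hl = strlen(home);
    enum verdict v = classify(sc);
    if (v != CHECK_PATH) return v == PASS;
    if (path == NULL || normalize(path, buf, sizeof buf) != 0) return 0;
    /* match on a component boundary so /user2 does not cover /user20 */
    return strncmp(buf, home, hl) == 0 && (buf[hl] == '/' || buf[hl] == '\0');
}
```

The cases worth noting are the `..` traversal out of the client's subtree and the sibling directory sharing a name prefix, both of which a plain string-prefix comparison on the raw path would let through.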