From owner-freebsd-current Mon Dec 14 15:48:34 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA02582 for freebsd-current-outgoing; Mon, 14 Dec 1998 15:48:34 -0800 (PST) (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from fep2-orange.clear.net.nz (fep2-orange.clear.net.nz [203.97.32.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA02572 for ; Mon, 14 Dec 1998 15:48:31 -0800 (PST) (envelope-from jabley@buddha.clear.net.nz)
Received: from buddha.clear.net.nz (buddha.clear.net.nz [192.168.24.106]) by fep2-orange.clear.net.nz (1.5/1.9) with ESMTP id MAA04930; Tue, 15 Dec 1998 12:48:19 +1300 (NZDT)
Received: (from jabley@localhost) by buddha.clear.net.nz (8.9.1/8.9.1) id MAA29605; Tue, 15 Dec 1998 12:48:19 +1300 (NZDT)
Message-ID: <19981215124818.A22526@clear.co.nz>
Date: Tue, 15 Dec 1998 12:48:18 +1300
From: Joe Abley
To: Kevin Day
Cc: freebsd-current@FreeBSD.ORG, jabley@clear.co.nz
Subject: Re: modification to exec in the kernel?
References: <19981215120357.B11837@clear.co.nz> <199812142331.RAA17203@home.dragondata.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199812142331.RAA17203@home.dragondata.com>; from Kevin Day on Mon, Dec 14, 1998 at 05:31:43PM -0600
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Dec 14, 1998 at 05:31:43PM -0600, Kevin Day wrote:
>
> I dunno if this fits your requirements or not, but in the past where this
> was necessary, I simply put these users' home directories on a volume
> mounted with 'noexec'.

I looked at that; however, remember the users will have chrooted access to their directories, and within the chrooted tree will be /usr and descendants containing controlled binaries (owned by someone else, e.g. "root") like perl, awk, sh, etc. We were planning to keep them on the same filesystem, and use hard links from the chrooted trees to allow them to appear to the users.

The alternative I looked at was to mount the chrooted /usr read-only once for each user into their private tree without noexec, and mount the filesystem containing the user-modifiable stuff with noexec. However, this means we have to mount the same device hundreds of times simultaneously on the same box (or else maintain separate /usr trees on separate filesystems for each user). This all looks like mount bloat.

Joe
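
Added example, not part of the original message: a Python audit a defender could run over one chrooted tree in the hard-link layout described above, where noexec cannot separate controlled binaries from user files, flagging executables that are not owned by the trusted account or that sit where a user can modify them. The function names, the `trusted_uid` parameter and the sample tree are assumptions made for illustration.

```python
import os
import stat

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_chroot(root, trusted_uid=0):
    """Return sorted (relative_path, reasons) for executables a user could supply or alter."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        dst = os.lstat(dirpath)
        # A directory the user owns or can write lets them replace any entry in it.
        dir_unsafe = dst.st_uid != trusted_uid or bool(dst.st_mode & WRITABLE_BY_OTHERS)
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & ANY_EXEC:
                continue
            reasons = []
            if st.st_uid != trusted_uid:
                reasons.append("not owned by trusted uid")
            if st.st_mode & WRITABLE_BY_OTHERS:
                reasons.append("group/other writable")
            if dir_unsafe:
                reasons.append("parent directory user-modifiable")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample: a pool binary hard-linked into a jail, plus user files."""
    pool, jail = os.path.join(base, "pool"), os.path.join(base, "jail")
    bindir, home = os.path.join(jail, "usr", "bin"), os.path.join(jail, "home")
    for d in (pool, bindir, home):
        os.makedirs(d)
    files = {os.path.join(pool, "perl"): 0o755,
             os.path.join(home, "script.sh"): 0o755,
             os.path.join(home, "notes.txt"): 0o644}
    for path, mode in files.items():
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    # Hard link shares the inode, so owner and mode stay those of the pool copy.
    os.link(os.path.join(pool, "perl"), os.path.join(bindir, "perl"))
    os.chmod(bindir, 0o755)
    os.chmod(home, 0o777)
    return jail
```

Run against a real tree as `audit_chroot("/path/to/jail")`; the default `trusted_uid=0` treats only root-owned executables in root-controlled directories as the controlled set.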