From owner-freebsd-hackers Sun Sep 15 4:45:41 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4640037B400 for ; Sun, 15 Sep 2002 04:45:39 -0700 (PDT) Received: from milla.ask33.net (milla.ask33.net [217.197.166.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id A893243E3B for ; Sun, 15 Sep 2002 04:45:38 -0700 (PDT) (envelope-from nick@milla.ask33.net) Received: by milla.ask33.net (Postfix, from userid 1001) id 6C8073ABD40; Sun, 15 Sep 2002 13:49:35 +0200 (CEST) Date: Sun, 15 Sep 2002 13:49:35 +0200 From: Pawel Jakub Dawidek To: Julian Elischer Cc: freebsd-hackers@freebsd.org Subject: Re: Changing process informations. Message-ID: <20020915114935.GU68652@garage.freebsd.pl> References: <20020915105815.GT68652@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="2mNuWrpDTYoom6W8" Content-Disposition: inline In-Reply-To: X-PGP-Key-URL: http://garage.freebsd.pl/jules.pgp X-OS: FreeBSD 4.6-STABLE i386 User-Agent: Mutt/1.5.1i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --2mNuWrpDTYoom6W8 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Sep 15, 2002 at 04:32:21AM -0700, Julian Elischer wrote: +>=20 +>=20 +> On Sun, 15 Sep 2002, Pawel Jakub Dawidek wrote: +>=20 +> > On Sat, Sep 14, 2002 at 11:05:11PM -0600, M. Warner Losh wrote: +> > +> In message: <20020915030157.GP68652@garage.freebsd.pl> +> > +> Pawel Jakub Dawidek writes: +> > +> : Hello hackers... +> > +> :=20 +> > +> : When I want change process real or effective uid in kld module +> > +> : I got functions change_ruid() and change_euid(). +> > +> : I need change many others informations about process. +> > +>=20 +> > +> Why do you want to cahnge the process real or effective id from a k= ld +> > +> module? That seems to me to be violating the normal policy +> > +> proceedures that the kernel should be enforcing. +>=20 +> Ah I tink I found the name for the OpenBSD versin.. +> I think it's systrace.. Nope. Systrace is working like old cerb version: http://garage.freebsd.pl/cerb.tgz It can downgrade permission, deny some actions, but it cannot add any priviliges. Cerb-ng is something diffrent, check example configs. With cerb-ng You don't need any set-uid-root binaries or root demons and much more. --=20 Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. --2mNuWrpDTYoom6W8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPYRzzz/PhmMH/Mf1AQH+4QP/c8md0NAmbRdLNbf3/aFqNOb6UTgXzP+X QoXN+2/2xMgzwx+o5t7slcWuCnkW1sr8ftJTa7OiwwEVASJdv95hK8lu3aq78Yuh L1mCMMHV9ktssg2yE91J8bkAXoC11FyN0jaX38AvfY75UIWR0rCp9d9K54N0uvy8 YudfEG9BAPc= =/sBe -----END PGP SIGNATURE----- --2mNuWrpDTYoom6W8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message