Date: Sun, 15 Sep 2002 05:04:01 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Pawel Jakub Dawidek <nick@garage.freebsd.pl> Cc: freebsd-hackers@freebsd.org, rwatson@freebsd.org Subject: Re: Changing process informations. Message-ID: <Pine.BSF.4.21.0209150458090.82711-100000@InterJet.elischer.org> In-Reply-To: <20020915114935.GU68652@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 15 Sep 2002, Pawel Jakub Dawidek wrote: > On Sun, Sep 15, 2002 at 04:32:21AM -0700, Julian Elischer wrote: > +> > +> Ah I think I found the name for the OpenBSD version.. > +> I think it's called systrace.. > > Nope. Systrace is working like old cerb version: > > http://garage.freebsd.pl/cerb.tgz > > It can downgrade permission, deny some actions, but it cannot add any > priviliges. Cerb-ng is something diffrent, check example configs. > > With cerb-ng You don't need any set-uid-root binaries or root demons > and much more. if this is being done on -current then it occurs to me that you may be aboe to make use of: 1/ the MAC stuff rob watson is doing 2/ teh extended atribute stuff being done, where a program can store a lot of meta data with itself (like a MACOS data fork) including possible the ruleset for itself. Very cool.. do you have a writup of cerb-ng? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0209150458090.82711-100000>