From owner-freebsd-current Mon Dec 14 22:44:40 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA20765 for freebsd-current-outgoing; Mon, 14 Dec 1998 22:44:40 -0800 (PST) (envelope-from owner-freebsd-current@FreeBSD.ORG) Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA20759 for ; Mon, 14 Dec 1998 22:44:29 -0800 (PST) (envelope-from mark@grondar.za) Received: from greenpeace.grondar.za (IDENT:UoYOzChG2fTDziUdIP3ITQAjqt8O0/a5@greenpeace.grondar.za [196.7.18.132]) by gratis.grondar.za (8.9.1/8.9.1) with ESMTP id IAA01897; Tue, 15 Dec 1998 08:44:19 +0200 (SAST) (envelope-from mark@grondar.za) Received: from grondar.za (IDENT:A18nsY5py8zffvMbwZYd6Ncj08ASJIuT@localhost [127.0.0.1]) by greenpeace.grondar.za (8.9.1/8.9.1) with ESMTP id IAA67338; Tue, 15 Dec 1998 08:44:18 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <199812150644.IAA67338@greenpeace.grondar.za> To: Joe Abley cc: Kevin Day , freebsd-current@FreeBSD.ORG Subject: Re: modification to exec in the kernel? In-Reply-To: Your message of " Tue, 15 Dec 1998 12:48:18 +1300." <19981215124818.A22526@clear.co.nz> References: <19981215120357.B11837@clear.co.nz> <199812142331.RAA17203@home.dragondata.com> <19981215124818.A22526@clear.co.nz> Date: Tue, 15 Dec 1998 08:44:16 +0200 From: Mark Murray Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Joe Abley wrote: > I looked at that; however, remember the users will have chrooted access > to their directories, and within the chrooted tree will be /usr and > descendants containing controlled binaries (owned by someone else, e.g. > "root") like perl, awk, sh, etc. Your security model is flawed. A user can do anything she wants (justabout) with shellscript and perl. Picking on compiled binaries is not going to make you that much safer. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message