Date: Fri, 5 May 2006 11:24:34 +0200
From: Borja Marcos <BORJAMAR@SARENET.ES>
To: Borja Marcos <BORJAMAR@SARENET.ES>
Cc: freebsd-security@freebsd.org, Robert Watson <rwatson@FreeBSD.org>
Subject: Re: MAC policies and shared hosting
Message-ID: <38D971A6-3942-4115-B2CE-40D6592E1F17@SARENET.ES>
In-Reply-To: <FDEE8EA9-0AA0-4CD9-854F-B543A1288101@SARENET.ES>
References: <CB6E482F-221F-4D31-8814-BF4A23D3E19E@SARENET.ES> <20060504172309.D17611@fledge.watson.org> <FDEE8EA9-0AA0-4CD9-854F-B543A1288101@SARENET.ES>

> Regarding the multi-level idea, it would be a second phase. I would
> like to be able to contain effectively a possible root escalation
> from a poorly written CGI or PHP script. I know, it would be anyway
> extremely hard. But if we could launch the web server process with
> an additional lower security level inherited by all of its child
> processes, we could prevent damage to the system even by a child
> process that escalated to root.

And I answer myself :) (forgot to add this)

Another desired functionality involves making sure that code injected into a poorly written PHP or CGI module cannot (for example) establish unauthorized network connections, listen(), etc.

The FreeBSD ipfw has a lot of potential, but, unfortunately, ftp complicates the implementation of a simple uid-based limitation. Security levels would help here as well.

Borja.