Date: Sun, 22 Sep 2002 21:33:11 -0700
From: Juli Mallett <jmallett@FreeBSD.org>
To: Paul Schenkeveld <fb-hackers@psconsult.nl>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: Just a wild idea
Message-ID: <20020922213311.A99425@FreeBSD.org>
In-Reply-To: <20020922161453.A13323@psconsult.nl>; from fb-hackers@psconsult.nl on Sun, Sep 22, 2002 at 04:14:53PM +0200
References: <20020922161453.A13323@psconsult.nl>

* From: Paul Schenkeveld <fb-hackers@psconsult.nl> [ Date: 2002-09-22 ]
  [ Subject: Just a wild idea ]
> Hi All,
>
> I've been playing with jails for over 2 years now. I really like
> them but we often use them to run a process as root with reduced
> power only to get access to TCP and UDP ports below 1024.
>
> For many applications however, for example lpd, named, sendmail,
> tac_plus and others, it would be more than good enough to run that
> program as a normal, non-root user provided there is a way to bind
> to that single low TCP and/or UDP port that the program needs access
> to.

The problem is that suser(9) sucks. I had a nice system which used gids and fell back to uid0, but the gids were sysctl tunables, and were very fine-grained (in as much as they could be), and uid0 could be disabled. I don't have it anymore, but it's pretty trivial to implement.

Lots of people want suser(9) to die, and I have spoken a bit with rwatson@ on this subject, and I seem to recall that with the intro of MAC, he had some ideas for killing off suser(9)... Maybe just replace all suser(9) uses with MAC credential checks, and install MAC_UNIX by default, which would be set up to behave like ye olden UNIX... Who knows.

Anyway, your idea strikes me as not generalised enough to justify itself. In a "local FreeBSD mods" way, it might do the job great for you, but a more generalised approach is likely better. You are picking one of the symptoms of the problem of UNIX historically having this admittedly-thick security methodology and working around the problem. Attacking the problem is likely to be easier, and more elegant, too :)

juli.
--
Juli Mallett <jmallett@FreeBSD.org>       | FreeBSD: The Power To Serve
Will break world for fulltime employment. | finger jmallett@FreeBSD.org
http://people.FreeBSD.org/~jmallett/      | Support my FreeBSD hacking!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
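
Added example, not part of the original message and not the code the message mentions: a userspace C model of a per-privilege gid check with a switchable uid 0 fallback, as the reply outlines. The privilege names, the `priv_gid` and `uid0_fallback` variables (stand-ins for sysctl tunables), `struct cred` and the sample ids are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical privilege classes; the names are not from FreeBSD. */
enum priv { PRIV_BIND_LOWPORT, PRIV_SET_TIME, PRIV_COUNT };

#define GID_UNSET ((gid_t)-1)   /* no group delegated for this privilege */

/* Stand-ins for the sysctl tunables: one gid per privilege, plus a switch
 * that turns the uid 0 fallback off. */
static gid_t priv_gid[PRIV_COUNT] = { GID_UNSET, GID_UNSET };
static bool uid0_fallback = true;

struct cred { uid_t uid; const gid_t *groups; size_t ngroups; };

static bool in_group(const struct cred *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* 0 if permitted, EPERM otherwise (the suser(9) return convention). */
int priv_check(const struct cred *c, enum priv p)
{
    if ((unsigned)p >= PRIV_COUNT)
        return EPERM;                       /* unknown privilege: deny */
    if (priv_gid[p] != GID_UNSET && in_group(c, priv_gid[p]))
        return 0;                           /* delegated by group */
    if (uid0_fallback && c->uid == 0)
        return 0;                           /* classic superuser path */
    return EPERM;
}

int main(void)
{
    const gid_t groups[] = { 53 };          /* constructed sample values */
    struct cred svc = { 1001, groups, 1 }, root = { 0, NULL, 0 };

    priv_gid[PRIV_BIND_LOWPORT] = 53;       /* delegate low ports to gid 53 */
    uid0_fallback = false;                  /* and disable uid 0 entirely */
    printf("svc bind:  %d\n", priv_check(&svc, PRIV_BIND_LOWPORT));
    printf("svc time:  %d\n", priv_check(&svc, PRIV_SET_TIME));
    printf("root bind: %d\n", priv_check(&root, PRIV_BIND_LOWPORT));
    return 0;
}
```

With the fallback disabled, an unset gid means nobody holds that privilege, so a real deployment would need every required privilege delegated before flipping the switch.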