From: Juli Mallett
To: Paul Schenkeveld
Cc: FreeBSD Hackers
Subject: Re: Just a wild idea
Date: Sun, 22 Sep 2002 21:33:11 -0700 (PDT)
Message-ID: <20020922213311.A99425@FreeBSD.org>
In-Reply-To: <20020922161453.A13323@psconsult.nl>; from fb-hackers@psconsult.nl on Sun, Sep 22, 2002 at 04:14:53PM +0200
User-Agent: Mutt/1.2.5.1i
Organisation: The FreeBSD Project

* From: Paul Schenkeveld [ Date: 2002-09-22 ] [ Subject: Just a wild idea ]
> Hi All,
>
> I've been playing with jails for over 2 years now. I really like
> them but we often use them to run a process as root with reduced
> power only to get access to TCP and UDP ports below 1024.
>
> For many applications however, for example lpd, named, sendmail,
> tac_plus and others, it would be more than good enough to run that
> program as a normal, non-root user provided there is a way to bind
> to that single low TCP and/or UDP port that the program needs access
> to.

The problem is that suser(9) sucks. I had a nice system which used gids and fell back to uid0, but the gids were sysctl tunables, and were very fine-grained (in as much as they could be), and uid0 could be disabled. I don't have it anymore, but it's pretty trivial to implement.

Lots of people want suser(9) to die, and I have spoken a bit with rwatson@ on this subject, and I seem to recall that with the intro of MAC, he had some ideas for killing off suser(9)... Maybe just replace all suser(9) uses with MAC credential checks, and install MAC_UNIX by default, which would be set up to behave like ye olden UNIX... Who knows.

Anyway, your idea strikes me as not generalised enough to justify itself. In a "local FreeBSD mods" way, it might do the job great for you, but a more generalised approach is likely better. You are picking one of the symptoms of the problem of UNIX historically having this admittedly-thick security methodology and working around the problem. Attacking the problem is likely to be easier, and more elegant, too :)

juli.
--
Juli Mallett                                | FreeBSD: The Power To Serve
Will break world for fulltime employment.   | finger jmallett@FreeBSD.org
http://people.FreeBSD.org/~jmallett/        | Support my FreeBSD hacking!
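The check Juli sketches in the reply above (a per-privilege gid set through a sysctl-style tunable, with a suser(9)-like fall-back to uid 0 that can be switched off), modelled in user space as an added example; this is not code from the mail or from FreeBSD, and the tunable names, struct names and sample credentials are hypothetical and constructed.

```c
/* Added example, not from the mail or FreeBSD: a user-space model of a
 * gid-based privilege check with a switchable uid-0 fall-back, beside the
 * classic "root or nothing" suser(9) check it would replace. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

#define NO_GID ((gid_t)-1)   /* tunable value meaning "no group grants this" */

struct priv_tunables {           /* stands in for two sysctl tunables */
    gid_t bind_low_port_gid;     /* hypothetical security.priv.bind_low_port_gid */
    bool  uid0_fallback;         /* hypothetical security.priv.uid0_fallback */
};

struct cred {                    /* the parts of a credential the check needs */
    uid_t uid;
    const gid_t *groups;
    size_t ngroups;
};

/* Constructed sample credentials and tunable settings. */
static const gid_t lpd_groups[] = { 1000, 1024 };
static const struct cred lpd_cred  = { 1000, lpd_groups, 2 };
static const struct cred root_cred = { 0, NULL, 0 };
static const struct priv_tunables tun_gid_only  = { 1024, false };  /* uid 0 disabled */
static const struct priv_tunables tun_root_only = { NO_GID, true }; /* classic behaviour */

static bool cred_in_group(const struct cred *c, gid_t g)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return true;
    return false;
}

/* Classic suser(9): uid 0 gets everything, everyone else gets EPERM. */
int classic_suser(const struct cred *c)
{
    return c->uid == 0 ? 0 : EPERM;
}

/* Finer-grained check: the configured gid grants just this privilege, and
 * uid 0 is honoured only while the fall-back tunable is on. */
int priv_check_bind_low_port(const struct cred *c, const struct priv_tunables *t)
{
    if (t->bind_low_port_gid != NO_GID && cred_in_group(c, t->bind_low_port_gid))
        return 0;
    if (t->uid0_fallback && c->uid == 0)
        return 0;
    return EPERM;
}
```

With the gid tunable set and the fall-back off, the unprivileged lpd credential passes the low-port check while root does not; with no gid configured and the fall-back on, the check behaves exactly like classic suser(9).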