Date: Fri, 19 Jun 1998 23:07:42 -0400
From: "Allen Smith" <easmith@beatrice.rutgers.edu>
To: dg@root.com, njs3@doc.ic.ac.uk (Niall Smart)
Cc: dima@best.net, security@FreeBSD.ORG, abc@ralph.ml.org, tqbf@secnet.com
Subject: Re: bsd securelevel patch question
Message-ID: <9806192307.ZM29126@beatrice.rutgers.edu>
In-Reply-To: David Greenman <dg@root.com> "Re: bsd securelevel patch question" (Jun 14, 6:38pm)
References: <199806150138.SAA06234@implode.root.com>
On Jun 14, 6:38pm, David Greenman (possibly) wrote:
> > - implement a capabilities-based security model; even this isn't
> >   fool-proof.
>
> As a former VMS developer, I've been wanting to do that for years in
> FreeBSD. login.conf seems like the ideal place to build the privilege
> list and the changes to the kernel aren't very difficult, just tedious.
> One of these days...

Why are you wanting to do it via login.conf, instead of via multiple groups? I'm asking because I'm looking at doing this for ICMP sockets (raw sockets limited to ICMP) so that programs such as ping, squid's pinger, etcetera can be setgid as opposed to setuid. (This is discussed in much detail on http://www.enteract.com/~tqbf/harden.html which is why I'm ccing him.)

Thanks,

-Allen

--
Allen Smith easmith@beatrice.rutgers.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message