Date: Wed, 26 Jun 2002 16:13:45 -0400 (EDT)
From: Garrett Wollman <wollman@lcs.mit.edu>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: FreeBSD Security Mailling List <freebsd-security@FreeBSD.ORG>
Subject: Re: OpenSSH Security (just a question, please no f-war)
Message-ID: <200206262013.g5QKDjF6025151@khavrinen.lcs.mit.edu>
In-Reply-To: <7492.1025118456@critter.freebsd.dk>
References: <B93F5971.12FF3%william.carrel@infospace.com> <7492.1025118456@critter.freebsd.dk>

<<On Wed, 26 Jun 2002 21:07:36 +0200, Poul-Henning Kamp <phk@critter.freebsd.dk> said:

> Which reminds me that we should really tweak the code and put it in a
> jail instead of a chroot.

Something I'd really love to see, and I hope that the TrustedBSD work
will eventually make it easier to implement this, is a gensym
mechanism for UIDs. That is to say, I'd like a process which is
trying to reduce privilege to be able to get a UID which is guaranteed
to be distinct from any other UID on the system. The number itself
doesn't have to be unique, but the result of calling setuniqueuid()
would be to set a flag in the process credentials causing all DAC
permission checks to fail. (This could be implemented as a MAC policy
that simply says ``no'' to every request from such a process.)

-GAWollman

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206262013.g5QKDjF6025151>
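
The following is an added example, not code from the message or from FreeBSD: a user-space model of the flag the message proposes, showing that an ordinary unprivileged UID still passes the "other" mode bits while a flagged credential is refused even for a file whose owner number matches. setuniqueuid() exists only as the proposal above; struct cred, struct fattr, cr_unique, model_setuniqueuid() and dac_check() are hypothetical names, and the sample files and UIDs are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified process credentials; cr_unique models the proposed flag. */
struct cred { uid_t uid; gid_t gid; bool cr_unique; };

/* Simplified DAC attributes of a file (owner, group, mode bits). */
struct fattr { uid_t owner; gid_t group; mode_t mode; };

enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };

/* Model of the proposed setuniqueuid(): the UID number is left alone,
   only the deny-all flag is set (assumption: the flag is never cleared). */
static void model_setuniqueuid(struct cred *cr)
{
    cr->cr_unique = true;
}

/* Classic owner/group/other check with the flag evaluated first. */
static bool dac_check(const struct cred *cr, const struct fattr *f, int want)
{
    if (cr->cr_unique)
        return false;   /* flagged: every DAC request fails */
    if (cr->uid == 0)
        return true;    /* superuser bypass, simplified */
    if (cr->uid == f->owner)
        return ((int)(f->mode >> 6) & want) == want;
    if (cr->gid == f->group)
        return ((int)(f->mode >> 3) & want) == want;
    return ((int)f->mode & want) == want;
}

int main(void)
{
    struct fattr world = { 0, 0, 0644 };        /* constructed sample file */
    struct fattr own = { 1001, 1001, 0600 };    /* constructed sample file */
    struct cred nobody = { 65534, 65534, false };
    struct cred flagged = { 1001, 1001, false };

    model_setuniqueuid(&flagged);
    printf("nobody  reads 0644 file: %d\n", dac_check(&nobody, &world, WANT_R));
    printf("flagged reads 0644 file: %d\n", dac_check(&flagged, &world, WANT_R));
    printf("flagged reads own 0600:  %d\n", dac_check(&flagged, &own, WANT_R));
    return 0;
}
```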