From owner-freebsd-security Wed Jun 26 13:40:34 2002
Date: Wed, 26 Jun 2002 16:13:45 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200206262013.g5QKDjF6025151@khavrinen.lcs.mit.edu>
To: Poul-Henning Kamp
Cc: FreeBSD Security Mailing List
Subject: Re: OpenSSH Security (just a question, please no f-war)
In-Reply-To: <7492.1025118456@critter.freebsd.dk>
References: <7492.1025118456@critter.freebsd.dk>

< said:
> Which reminds me that we should really tweak the code and put it in a
> jail instead of a chroot.

Something I'd really love to see, and I hope that the TrustedBSD work will eventually make it easier to implement this, is a gensym mechanism for UIDs. That is to say, I'd like a process which is trying to reduce privilege to be able to get a UID which is guaranteed to be distinct from any other UID on the system. The number itself doesn't have to be unique, but the result of calling setuniqueuid() would be to set a flag in the process credentials causing all DAC permission checks to fail. (This could be implemented as a MAC policy that simply says ``no'' to every request from such a process.)
-GAWollman
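The credential-flag idea in the message above, modelled as an added C example (hypothetical, not FreeBSD or TrustedBSD code): a ucred carries a cr_uniqueuid flag that a hypothetical setuniqueuid() sets, a MAC-style hook vetoes every request from a flagged credential, and the classic owner/group/other DAC bits are consulted only when the hook allows. All names here (the ucred and inode fields, setuniqueuid, mac_policy_check, dac_check, vaccess_model) are assumptions; the sample file and credentials are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODE_R 4   /* requested-access bits, same layout as the low 3 bits of a mode */
#define MODE_W 2
/* Hypothetical process credential; cr_uniqueuid is the flag the message
 * proposes, not a real FreeBSD field. */
struct ucred {
    uint32_t cr_uid, cr_gid;
    bool cr_uniqueuid;   /* once set, every DAC check for this process fails */
};

/* Minimal model of a file: owner, group and rwxrwxrwx permission bits. */
struct inode {
    uint32_t i_uid, i_gid;
    uint16_t i_mode;
};

/* Hypothetical setuniqueuid(): the numeric uid is untouched, only the flag
 * changes ("the number itself doesn't have to be unique"). */
void setuniqueuid(struct ucred *cr) { cr->cr_uniqueuid = true; }

/* Stand-in for a MAC policy hook that simply says "no" to a flagged process. */
int mac_policy_check(const struct ucred *cr) { return cr->cr_uniqueuid ? EPERM : 0; }

/* Classic owner/group/other DAC check (the root bypass is left out on purpose). */
int dac_check(const struct ucred *cr, const struct inode *ip, int mode) {
    int shift = (cr->cr_uid == ip->i_uid) ? 6 : (cr->cr_gid == ip->i_gid) ? 3 : 0;
    int granted = (ip->i_mode >> shift) & 7;
    return ((granted & mode) == mode) ? 0 : EACCES;
}

/* Combined decision: the policy hook is consulted first and can veto; only if
 * it allows do the ordinary permission bits get a say. */
int vaccess_model(const struct ucred *cr, const struct inode *ip, int mode) {
    int error = mac_policy_check(cr);
    return error ? error : dac_check(cr, ip, mode);
}
int main(void) {
    struct inode secret = { .i_uid = 1001, .i_gid = 1001, .i_mode = 0600 };
    struct ucred a = { .cr_uid = 1001, .cr_gid = 1001 };  /* ordinary uid 1001 */
    struct ucred b = a;                                   /* same number ... */
    setuniqueuid(&b);                                     /* ... but flagged */
    printf("a: %s\n", vaccess_model(&a, &secret, MODE_R) ? "denied" : "allowed");
    printf("b: %s\n", vaccess_model(&b, &secret, MODE_R) ? "denied" : "allowed");
    return 0;
}
```

Two processes sharing the numeric uid 1001 get different answers: the unflagged one reads the 0600 file, the flagged one is refused before the mode bits are even looked at.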