Date: Thu, 21 Aug 2003 22:44:03 +0200
From: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To: ari <edelkind-freebsd-hackers@episec.com>, freebsd-hackers@freebsd.org, flowpriv@episec.com
Subject: Re: [future patch] dropping user privileges on demand
Message-ID: <20030821204403.GN47959@garage.freebsd.pl>
In-Reply-To: <20030821170915.GZ55671@episec.com>
References: <20030817181315.GL55671@episec.com> <20030821065854.GA11586@dan.emsphone.com> <20030821125028.GY55671@episec.com> <20030821162156.GL47959@garage.freebsd.pl> <20030821170915.GZ55671@episec.com>

On Thu, Aug 21, 2003 at 01:09:15PM -0400, ari wrote:
+> [...] The programmer
+> should be able to drop filesystem creation permissions, without worrying
+> about the need to drop open, mkfifo, bind, link, symlink, mkdir, and any
+> other system calls that happen to be available in this particular kernel
+> version. [...]

In CerbNG you only need to write a macro like:

#define DROP_FS_CREATION()					\
	if (syscall == SYS_open || syscall == SYS_mkfifo ||	\
	    syscall == SYS_bind || syscall == SYS_link || ...) {	\
		return (EPERM);					\
	}

+> Of course it isn't a well-known standard. It hasn't even been written
+> yet, aside from some proof-of-concept code that i have yet to package up
+> and put on the site. Nor was systrace a well-known standard before it
+> was written (not that it's necessarily a "standard" now, though it is
+> quite popular). I wouldn't expect programmers to immediately begin
+> using this code; if it catches on, however, and it's implemented in a
+> number of different operating systems, then there stands a greater
+> chance. If it doesn't catch on and isn't used, then so be it.

As I said. Stuff like systrace or cerb doesn't need to be standardized,
because it is transparent for applications. It doesn't need any work
from userland application programmer. That's why it is easy to adopt
for non-BSD-licensed applications or even for non-open-source applications.

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
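
Added example, not part of the original message and not CerbNG or flowpriv code: a C model of the two policy styles this exchange contrasts, an enumerated syscall list like the macro above and a per-syscall class tag, showing what each returns when a file-creating syscall appears after the list was written. The SC_* ids, the CLS_* classes, both function names and the late arrival of SC_mknod are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed syscall ids for illustration; not real FreeBSD numbers. */
enum { SC_read, SC_open, SC_mkfifo, SC_bind, SC_link, SC_symlink,
       SC_mkdir, SC_mknod /* assumed to arrive in a later kernel */, SC_MAX };

/* Hypothetical privilege classes a process can give up. */
#define CLS_FS_CREATE 0x1u
#define CLS_NET       0x2u

/* Each syscall is tagged once, next to its definition. */
static const unsigned sc_class[SC_MAX] = {
    [SC_read]    = 0,
    [SC_open]    = CLS_FS_CREATE,
    [SC_mkfifo]  = CLS_FS_CREATE,
    [SC_bind]    = CLS_FS_CREATE | CLS_NET,
    [SC_link]    = CLS_FS_CREATE,
    [SC_symlink] = CLS_FS_CREATE,
    [SC_mkdir]   = CLS_FS_CREATE,
    [SC_mknod]   = CLS_FS_CREATE,
};

/* Enumerated check in the style of the macro, written before SC_mknod. */
int check_enumerated(int sc)
{
    if (sc == SC_open || sc == SC_mkfifo || sc == SC_bind ||
        sc == SC_link || sc == SC_symlink || sc == SC_mkdir)
        return EPERM;
    return 0;
}

/* Class-based check: unknown syscall numbers fail closed. */
int check_by_class(int sc, unsigned dropped)
{
    if (sc < 0 || sc >= SC_MAX)
        return EPERM;
    return (sc_class[sc] & dropped) ? EPERM : 0;
}

int main(void)
{
    printf("mknod, enumerated list: %d\n", check_enumerated(SC_mknod));
    printf("mknod, class table:     %d\n",
           check_by_class(SC_mknod, CLS_FS_CREATE));
    return 0;
}
```

The enumerated list has to be revisited for every new syscall, while the class table is updated where the syscall is defined; either check can sit in an external policy layer or behind an application-facing call.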