Date: Sat, 15 Aug 1998 13:09:55 +0200 From: Philippe Regnauld <regnauld@deepo.prosa.dk> To: Joe Orthoefer <orthoefe@gte.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.UK> Message-ID: <19980815130955.44989@deepo.prosa.dk> In-Reply-To: <Pine.BSF.3.96.980813234929.368A-100000@localhost>; from Joe Orthoefer on Fri, Aug 14, 1998 at 12:04:29AM -0400 References: <19980814123240.63855@deepo.prosa.dk> <Pine.BSF.3.96.980813234929.368A-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Orthoefer writes:
> Secure Computing's Sidewinder firewall (built on top of BSDI 2.2) has
[...]
> The set of ACL's is compiled into
> the kernel, with no way to easily change those ACL's once the machine is
> booted, to do major administration you boot into a different kernel with a
> lax set of ACL's and no network support.
Sounds like what Borderware had -- but I think it was just that
one kernel (runtime) had most dangerous syscalls removed, and
the other (maintenance) had those syscalls, but network was
disabled.
--
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
The Internet is busy. Please try again later.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980815130955.44989>