Date: Fri, 14 Aug 1998 12:32:40 +0200
From: Philippe Regnauld <regnauld@deepo.prosa.dk>
To: freebsd-security@FreeBSD.ORG
Subject: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.UK>
Message-ID: <19980814123240.63855@deepo.prosa.dk>
(see message below)

Is there any form of restriction that can be implemented in *BSD systems? I.e.: restricting system calls to certain classes of daemons? As mentioned in the example below, why should POPd be allowed to exec()? This seems like a very sane approach (of course, it implies knowledge/auditing of the code). Then we could have certain untrusted (i.e.: running as root) daemons launched in such an environment, on top of being chroot()ed.

-----Forwarded message from Duncan Simpson <dps@IO.STARGATE.CO.UK>-----

From: Duncan Simpson <dps@IO.STARGATE.CO.UK>
Subject: Using capabilties aaginst shell code
To: BUGTRAQ@NETSPACE.ORG
Date: Wed, 12 Aug 1998 21:33:51 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The development of capabilities with Linux (and some section of POSIX, if the header is to be believed) creates an opportunity for tightening security by sandboxing daemons---imapd and popd have no legitimate use for various system calls, for example. In particular exec is fundamental to most buffer overrun shellcode and not required by many daemons.

[...]

-----End of forwarded message-----

--
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
The Internet is busy. Please try again later.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980814123240.63855>
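Neither the 1998 thread nor the forwarded Bugtraq post contains code; the block below is an added example written for this archive page, not code from Regnauld, Simpson, FreeBSD or Linux. It implements the exact restriction the thread asks for, a daemon process that is never allowed to exec(), using Linux seccomp-bpf, the per-process system-call filter that later filled this role on Linux (FreeBSD's answer is Capsicum's cap_enter(2), which is not shown here). The filter kills the process with SIGSYS on any execve/execveat, which is the behaviour you want against shellcode: an overflow that reaches exec becomes a crash and a log line instead of a shell. The child is forked first so the filter lands only in the child; the parent reports how the child ended. The path /bin/false (chosen because its exit status, 1, is distinguishable from a blocked exec) and the function names are this example's own assumptions, as is the choice to support only x86_64 and aarch64.

```c
/* Added example: deny exec() to a daemon-like child with seccomp-bpf.
 * Assumes Linux on x86_64 or aarch64 and an existing /bin/false. */
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "example supports x86_64 and aarch64 only"
#endif

/* Older headers lack KILL_PROCESS; KILL (kill thread) is equivalent for a
 * single-threaded process. */
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Install a filter that allows every syscall except execve/execveat.
 * Returns 0 on success, -1 on failure (errno set by prctl). */
int install_no_exec_filter(void)
{
    struct sock_filter filter[] = {
        /* [0] A = seccomp_data.arch; kill if the ABI is not the one we
         *     built the syscall numbers for (i386 numbers differ). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),   /* [1] match -> [3] */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),   /* [2] */
        /* [3] A = seccomp_data.nr; kill on either exec syscall */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 2, 0),   /* [4] -> [7] */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execveat, 1, 0), /* [5] -> [7] */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),             /* [6] */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),      /* [7] */
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* Required so an unprivileged process may install a filter, and so the
     * filter cannot be escaped via a setuid exec. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Fork a child that (optionally) installs the filter and then tries to exec
 * `path`.  Return value: the child's exit status (0..255) if it exited
 * normally, 256 + signal number if it was killed by a signal, -1 on error.
 * A child that could not install the filter exits with 125. */
int run_child(const char *path, int with_filter)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (with_filter && install_no_exec_filter() != 0)
            _exit(125);
        execl(path, path, (char *)NULL);
        /* Only reached if exec returned (e.g. ENOENT); with the filter
         * active the process is already dead by SIGSYS at this point. */
        _exit(errno == EPERM ? 126 : 127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 256 + WTERMSIG(status);
    return -1;
}

int main(void)
{
    printf("without filter: %d (exit status of /bin/false)\n",
           run_child("/bin/false", 0));
    printf("with filter:    %d (256 + SIGSYS = %d)\n",
           run_child("/bin/false", 1), 256 + SIGSYS);
    return 0;
}
```

Two points a practitioner would check before using this in a real daemon: the filter must be installed after the daemon's last legitimate exec (typically right after fork, before any network input is parsed), and the architecture test at the top of the program is not optional, since a 32-bit ABI syscall number can alias a different 64-bit syscall and slip past a filter that only compares numbers. Returning EPERM instead of killing is the wrong choice for this use: shellcode that gets EPERM simply keeps running and tries something else.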