Date: Thu, 21 Aug 2003 10:01:22 -0700 From: Joshua Oreman <oremanj@get-linux.org> To: Kris Kennaway <kris@obsecurity.org> Cc: hackers@freebsd.org Subject: Re: [future patch] dropping user privileges on demand Message-ID: <20030821170122.GC10811@webserver> In-Reply-To: <20030821073900.GA90003@rot13.obsecurity.org> References: <20030817181315.GL55671@episec.com> <20030821065854.GA11586@dan.emsphone.com> <20030821073900.GA90003@rot13.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 21, 2003 at 12:39:00AM -0700 or thereabouts, Kris Kennaway wrote: > On Thu, Aug 21, 2003 at 01:58:54AM -0500, Dan Nelson wrote: > > > It does something similar, but uses a C-like language to control a > > processes actions. This lets you get extremely fine-grained control > > (allow httpd to bind to only port 80, once), but the rules run as > > "root", so they can grant as well as revoke privileges. A useful > > modification would be to allow users to submit their own policies that > > can only disallow actions (i.e. all arguments and process variables are > > read-only, and the script can either pass the syscall through or return > > a failure code, nothing else). > > Exercise for the reader: find a situation where the failure to perform > a syscall that normally succeeds, leads to privilege escalation :-) setuid(), seteuid(), setruid() -- Josh > > Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030821170122.GC10811>