Date: Mon, 7 Jul 1997 16:05:07 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: Sean Eric Fagan <sef@kithrup.com>
Cc: security@FreeBSD.ORG
Subject: Re: Security Model/Target for FreeBSD or 4.4?
Message-ID: <Pine.BSF.3.95q.970707153631.3248B-100000@cyrus.watson.org>
In-Reply-To: <199707071837.LAA23476@kithrup.com>
On Mon, 7 Jul 1997, Sean Eric Fagan wrote:

> [...]
>
> This was discussed here a few months ago (a year ago?). It would have been
> something along the lines of:
>
> net.inet.ip.<portnumber> <uid>
>
> and then using it like
>
> sysctl -w net.inet.ip.25=`id smtp`
>
> or somesuch.

Unfortunately, that doesn't address the distinction between TCP and UDP services. I'm not sure that is a huge issue, but it seems relevant. The formatting for this is looking more and more like an ipfirewall config file. I wonder if the similarities between the interfaces could be merged in some way?

Also, since we're looking at putting permissions on port-binding, are there any other related resources or capabilities under BSD that are not limited by the current restrictions? Various types of socket communication don't appear to be.

On a related note, has anyone given any thought to making chroot() a user-accessible call? I haven't really looked at it, so am not sure why it can only be called by uid root programs. In terms of sandboxing (which seems to be popular these days for various applications), it would be nice to restrict programs to specific regions of the disk, etc. Especially if you are a non-root user developing programs that require special libraries, etc. Or if you want to run a restricted web or ftp server, but don't have root access (as hopefully would be the case with the lighter restrictions on binding ports <1024.)

Robert
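Sketching the per-port binding permission scheme discussed in this message, extended with the TCP/UDP distinction the reply says the flat net.inet.ip.<port> = <uid> table lacks, as an added example that is not part of the thread. The rule syntax `proto:port:uid` and the functions `load_rules` and `bind_allowed` are hypothetical, not a FreeBSD interface.

```c
/* Added example: a userland model of a "which uid may bind which
 * reserved port" policy, keyed on protocol as well as port.
 * Rule syntax (constructed, hypothetical): "tcp:25:25,udp:53:53" */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define PROTO_TCP 6   /* same values as IPPROTO_TCP / IPPROTO_UDP */
#define PROTO_UDP 17
#define MAX_RULES 32

struct bind_rule {
    int proto;            /* PROTO_TCP or PROTO_UDP */
    unsigned short port;
    uid_t uid;            /* the single uid allowed to bind proto/port */
};

static struct bind_rule rules[MAX_RULES];
static int nrules;

/* Parse a comma-separated rule list into the table.
 * Returns the number of rules loaded, or -1 on any malformed rule. */
int load_rules(const char *spec)
{
    char buf[256], *tok;
    nrules = 0;
    strncpy(buf, spec, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        char proto[4];
        unsigned port, uid;
        if (nrules == MAX_RULES ||
            sscanf(tok, "%3[a-z]:%u:%u", proto, &port, &uid) != 3 || port > 65535)
            return -1;
        if (strcmp(proto, "tcp") == 0)      rules[nrules].proto = PROTO_TCP;
        else if (strcmp(proto, "udp") == 0) rules[nrules].proto = PROTO_UDP;
        else return -1;                     /* unknown protocol keyword */
        rules[nrules].port = (unsigned short)port;
        rules[nrules].uid = (uid_t)uid;
        nrules++;
    }
    return nrules;
}

/* Root may bind anything and ports >= 1024 stay unrestricted, as today;
 * a reserved port needs a rule matching protocol, port and uid. */
int bind_allowed(int proto, unsigned short port, uid_t uid)
{
    if (uid == 0 || port >= 1024)
        return 1;
    for (int i = 0; i < nrules; i++)
        if (rules[i].proto == proto && rules[i].port == port && rules[i].uid == uid)
            return 1;
    return 0;
}
```

A rule for TCP 25 does not grant UDP 25, which is exactly the case a port-only table cannot express.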