Date: Thu, 8 Feb 2001 22:26:18 +0100
From: "David Beck" <dbeck@beckground.hu>
To: <freebsd-security@freebsd.org>
Subject: security improvement ?
Message-ID: <002c01c09215$c7291220$5b3346c3@no>

Hi,

First of all, I would like to mention that this thing I describe here:

- is not for production use (!!!)
- has serious problems (look at the readme file)
- is mainly for generating discussion about the idea
- might introduce security problems

The idea here is to introduce further limitations for the usage of syscalls. That is to say, x process cannot call y syscall, and if he tries it, log it (somewhere). This is like a user (root) configurable profile for a process for calling syscalls.

At the moment I wrote a simplified representation of the idea which can limit the usage of the syscalls in a specified jail. This was faster to do and shows what I think.

http://dbeck.beckground.hu/download/scf-0.0.1.tar.gz

I'm sure that the way it is implemented is bad, and instead of writing a kernel module like this I should make a patch for the kernel. I'm working on the patch, but in the meantime I'm very much interested in what the experts say about this.

Cheers,
David.