From owner-freebsd-security Wed Nov 28 12:19:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from borja.sarenet.es (borja.sarenet.es [192.148.167.77]) by hub.freebsd.org (Postfix) with ESMTP id 907A037B405 for ; Wed, 28 Nov 2001 12:19:36 -0800 (PST) Received: from there (localhost [127.0.0.1]) by borja.sarenet.es (8.11.3/8.11.3) with SMTP id fASKIqA25080; Wed, 28 Nov 2001 21:18:53 +0100 (CET) (envelope-from borjamar@sarenet.es) Message-Id: <200111282018.fASKIqA25080@borja.sarenet.es> Content-Type: text/plain; charset="iso-8859-1" From: Borja Marcos To: Brett Glass Subject: Re: Security zone Date: Wed, 28 Nov 2001 21:18:50 +0100 X-Mailer: KMail [version 1.3.1] References: <4.3.2.7.2.20011124162959.04085de0@localhost> <4.3.2.7.2.20011125091418.049f7450@localhost> In-Reply-To: <4.3.2.7.2.20011125091418.049f7450@localhost> Cc: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sunday 25 November 2001 17:15, you wrote: > This only helps if you run every application setuid to a > unique uid. And then it can't get at your personal files.... > There's an additional matrix of capabilities here that > ought to be independent of uid or gid. =09(Sorry for the delay) =09I find the issue a bit complex. Which criteria could I use in ipfw rul= es?=20 The program name? I use process accounting in most machines, and it can b= e a=20 great tool, but an intruder can notice it and rename his/her programs so = that=20 the executions get logged as harmless commands. At least the uid is more=20 difficult for an user to alter than a process name. =09Or are you thinking about something more complex? Perhaps using progra= m=20 signatures? For now, I think that the uid/gid parameters in ipfw rules ca= n be=20 very convenient. =09Borja. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message