Date: Fri, 14 Aug 1998 23:12:12 +0000
From: Niall Smart <rotel@indigo.ie>
To: Philippe Regnauld <regnauld@deepo.prosa.dk>, freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.UK>
Message-ID: <199808142212.XAA01134@indigo.ie>
In-Reply-To: <19980814123240.63855@deepo.prosa.dk>; Philippe Regnauld <regnauld@deepo.prosa.dk>
On Aug 14, 12:32pm, Philippe Regnauld wrote:
} Subject: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.U
> (see message below)
>
> Is this any form of restriction that can be implemented
> in *BSD systems ? I.e.: restricting system calls to
> certain classes of daemons ?

I think Thomas Ptacek did something like this.

As for the example mentioned (no execve for imapd), I'm not sure it's at all useful. You'll have to have really fine-grained control over which syscalls with which parameters are accessible. Just because someone can't execve doesn't mean they can't add an entry to /etc/passwd or modify root's or the sysadmin's .login etc.

I think that a better solution is either an aclfs or a daemon which will accept requests from other processes for file descriptors/sockets etc, meaning that the imapd could run as nobody. Even better is to additionally make chroot secure and put it in there.

Niall

--
Niall Smart, rotel@indigo.ie.
Amaze your friends and annoy your enemies:
echo '#define if(x) if (!(x))' >> /usr/include/stdio.h