From owner-freebsd-security Tue May 11 23:52:10 1999 Delivered-To: freebsd-security@freebsd.org Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (Postfix) with ESMTP id 7260714DD7 for ; Tue, 11 May 1999 23:52:04 -0700 (PDT) (envelope-from avalon@cheops.anu.edu.au) Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id QAA05838; Wed, 12 May 1999 16:51:28 +1000 (EST) From: Darren Reed Message-Id: <199905120651.QAA05838@cheops.anu.edu.au> Subject: Re: Wrapping syscalls To: shadows@whitefang.com (Thamer Al-Herbish) Date: Wed, 12 May 1999 16:51:27 +1000 (EST) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: from "Thamer Al-Herbish" at May 11, 99 02:29:02 pm X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Thamer Al-Herbish, sie said: > > On Wed, 12 May 1999, Darren Reed wrote: > > > Logging would be interesting, as would write'ing data to be sent > > back to the client :-) Lets hope they're not interested in using > > CGI either :-) > > You would need some granulity I suppose. Just looked at the TIS > post, it's been done and done well it seems. TIS post ? > > This isn't a capability based solution in the traditional sense of > > that term, more of a means being able to deny yourself use of certain > > system calls. > > Absolutely not. What you described is somewhat like a product from Axent. Capabilities are not tied to system calls, system calls just provide a user interface to them. Darern To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message