Date:      Sat, 13 Nov 1999 22:54:48 -0500 (EST)
From:      David Gilbert <dgilbert@velocet.ca>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        David Gilbert <dgilbert@velocet.ca>, security@FreeBSD.ORG
Subject:   Re: sandboxed bind.
Message-ID:  <14382.12936.936602.17527@trooper.velocet.net>
In-Reply-To: <199911140344.TAA32979@apollo.backplane.com>
References:  <bulk.47978.19991113192456@hub.freebsd.org> <14382.11991.536272.989358@trooper.velocet.net> <199911140344.TAA32979@apollo.backplane.com>

>>>>> "Matthew" == Matthew Dillon <dillon@apollo.backplane.com> writes:

Matthew>     I don't use chrooted environments myself... I used to but
Matthew> they're just too difficult to maintain across updates and
Matthew> other things.  It would be nice if there were something
Matthew> in between -- something that, for example, disables suid and
Matthew> sgid within a set of processes that works in a manner similar
Matthew> to a chroot'd environment.  Without access to suid/sgid
Matthew> binaries there is precious little a program run in a
Matthew> user/group sandbox can do outside the sandbox.

Well... you use the tools at hand to protect yourself as best you
can...

This naturally leads into a discussion (had many times, I'm sure)
about an entire rethinking of the UN*X security model.  The permanent
giveaway of privs is a good idea... as is the ability to have some
privs without all of them.

I've often thought that the ability to change to an arbitrary user
that login does could be structured without login being root, for
instance.

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://www.velocet.net/~dgilbert             |   are precisely opposite.  |
=========================================================GLO================

