Date:      Sun, 15 Sep 2002 04:22:29 -0700 (PDT)
From:      Julian Elischer <julian@elischer.org>
To:        Pawel Jakub Dawidek <nick@garage.freebsd.pl>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Changing process informations.
Message-ID:  <Pine.BSF.4.21.0209150408520.82711-100000@InterJet.elischer.org>
In-Reply-To: <20020915105815.GT68652@garage.freebsd.pl>



On Sun, 15 Sep 2002, Pawel Jakub Dawidek wrote:

> On Sat, Sep 14, 2002 at 11:05:11PM -0600, M. Warner Losh wrote:
> +> In message: <20020915030157.GP68652@garage.freebsd.pl>
> +>             Pawel Jakub Dawidek <nick@garage.freebsd.pl> writes:
> +> : Hello hackers...
> +> : 
> +> : When I want to change a process's real or effective uid in a kld module
> +> : I have the functions change_ruid() and change_euid().
> +> : I need to change many other pieces of information about a process.
> +> 
> +> Why do you want to change the process real or effective id from a kld
> +> module?  That seems to me to be violating the normal policy
> +> procedures that the kernel should be enforcing.
> 
> This is for security reasons:)
> I'm writing a module that will be a complete security solution,
> where you could define policies per process.
> The old version of this stuff works like systrace; the new one is
> much more functional and you can specify capabilities
> per process.
> Here are some example configuration files:
> 
> 	http://garage.freebsd.pl/cerb-ng/start.cb
> 	http://garage.freebsd.pl/cerb-ng/ping.cb
> 	http://garage.freebsd.pl/cerb-ng/passwd.cb
> 	http://garage.freebsd.pl/cerb-ng/openssh.cb
> 	http://garage.freebsd.pl/cerb-ng/end.cb
> 
> Most of the code is done already, but I have to be sure that I don't
> do any ugly/evil things; that's why I'm asking.
> 
> Any comments/ideas/solutions are welcome.

When it is time for an invention, it gets invented many times
at that time....

OpenBSD has this. It has been completed, including a GUI front end.
It was demo'd at USENIX.. very cool.
(maybe someone can tell us the name? I looked but can't find it)

    Someone was porting it to FreeBSD..

julian





> 
> -- 
> Pawel Jakub Dawidek
> UNIX Systems Administrator
> http://garage.freebsd.pl
> Am I Evil? Yes, I Am.
> 

