[future patch] dropping user privileges on demand
Joshua Oreman
oremanj at get-linux.org
Thu Aug 21 10:01:28 PDT 2003
On Thu, Aug 21, 2003 at 12:39:00AM -0700 or thereabouts, Kris Kennaway wrote:
> On Thu, Aug 21, 2003 at 01:58:54AM -0500, Dan Nelson wrote:
>
> > It does something similar, but uses a C-like language to control a
> > processes actions. This lets you get extremely fine-grained control
> > (allow httpd to bind to only port 80, once), but the rules run as
> > "root", so they can grant as well as revoke privileges. A useful
> > modification would be to allow users to submit their own policies that
> > can only disallow actions (i.e. all arguments and process variables are
> > read-only, and the script can either pass the syscall through or return
> > a failure code, nothing else).
>
> Exercise for the reader: find a situation where the failure to perform
> a syscall that normally succeeds, leads to privilege escalation :-)
setuid(), seteuid(), setruid()
-- Josh
>
> Kris
More information about the freebsd-hackers
mailing list