[future patch] dropping user privileges on demand
Dan Nelson
dnelson at allantgroup.com
Wed Aug 20 23:58:58 PDT 2003
In the last episode (Aug 17), ari said:
> Currently, root is the only user that can actually drop significant
> privileges, as root is the only user that has access to such
> functions. This is flawed --- any user should be able to relinquish
> his privileges, and i've begun a patch to put this into effect.
Have you taken a look at Cerb? http://cerber.sourceforge.net/
It does something similar, but uses a C-like language to control a
process's actions. This lets you get extremely fine-grained control
(allow httpd to bind to only port 80, once), but the rules run as
"root", so they can grant as well as revoke privileges. A useful
modification would be to allow users to submit their own policies that
can only disallow actions (i.e. all arguments and process variables are
read-only, and the script can either pass the syscall through or return
a failure code, nothing else).
--
Dan Nelson
dnelson at allantgroup.com
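The deny-only, user-installable policy the two messages above are circling around is what Linux later shipped as seccomp-bpf: an unprivileged process may install a filter on its own system calls provided it first sets PR_SET_NO_NEW_PRIVS (so the restriction cannot be escaped through a setuid execve), the filter sees syscall arguments read-only, and each rule can only let a call through or fail it, never grant anything. The program below is an added example written for this page; it is not code from ari's patch, from Cerb, or from FreeBSD, and it assumes a Linux x86_64 or aarch64 host with kernel seccomp filter support. It forks a child that voluntarily gives up socket(2) and shows the call failing with EPERM afterwards while everything else still works.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pick the audit arch constant for the build target (assumption: x86_64 or aarch64). */
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#error "example only written for x86_64 and aarch64"
#endif

/*
 * Install a policy that can only take privilege away: socket(2) returns
 * EPERM, every other call passes through untouched.  The filter program
 * reads seccomp_data (syscall number, arch, args) but can never modify
 * it or the process, which is exactly the "pass or fail, nothing else"
 * property discussed above.  Returns 0 on success, -1 with errno set.
 */
static int relinquish_socket_syscall(void)
{
    struct sock_filter filter[] = {
        /* Refuse to run on a foreign ABI rather than misinterpret syscall numbers. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* Load the syscall number and compare it with socket(2). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 1),
        /* Deny: the syscall returns -1 with errno = EPERM. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        /* Everything else is passed through unchanged. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof filter / sizeof filter[0]),
        .filter = filter,
    };

    /* Without no_new_privs, only CAP_SYS_ADMIN may install a filter: this bit
     * is what lets an ordinary user drop privileges on demand, because it also
     * stops a later setuid execve from handing them back. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    /* Irreversible: the filter stays for the life of the process and its children,
     * and further filters can only add denials, never remove them. */
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/*
 * Run socket(AF_UNIX, SOCK_STREAM, 0) in a forked child, optionally after
 * installing the filter.  Returns the child's exit status: 0 if the socket
 * was created, the errno value if socket() failed, 100 if the filter could
 * not be installed, -1 if the child died abnormally.
 */
int socket_status_in_child(int install_filter)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_filter && relinquish_socket_syscall() != 0)
            _exit(100);
        int fd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (fd < 0)
            _exit(errno);
        close(fd);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("socket() without filter: status %d\n", socket_status_in_child(0));
    printf("socket() after dropping it: status %d (EPERM is %d)\n",
           socket_status_in_child(1), EPERM);
    return 0;
}
```

Note that the filter is a pure function of the syscall number and arguments; to express Dan's "bind to port 80, once" you would need state, which classic seccomp cannot keep, and a real policy would pair the BPF filter with the application closing the listening socket and then filtering bind(2) entirely.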