[future patch] dropping user privileges on demand
Pawel Jakub Dawidek
nick at garage.freebsd.pl
Thu Aug 21 09:11:53 PDT 2003
On Thu, Aug 21, 2003 at 12:39:00AM -0700, Kris Kennaway wrote:
+> > It does something similar, but uses a C-like language to control a
+> > processes actions. This lets you get extremely fine-grained control
+> > (allow httpd to bind to only port 80, once), but the rules run as
+> > "root", so they can grant as well as revoke privileges. A useful
+> > modification would be to allow users to submit their own policies that
+> > can only disallow actions (i.e. all arguments and process variables are
+> > read-only, and the script can either pass the syscall through or return
+> > a failure code, nothing else).
+>
+> Exercise for the reader: find a situation where the failure to perform
+> a syscall that normally succeeds, leads to privilege escalation :-)
The answer is: Every network daemon. If you could compromise it,
you get local access.
--
Pawel Jakub Dawidek pawel at dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20030821/1f5a416e/attachment.bin
More information about the freebsd-hackers
mailing list