Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
MAC policies and shared hosting
From: Borja Marcos (BORJAMARSARENET.ES)
Date: Wed May 03 2006 - 08:49:39 CDT
I've been looking at the different MAC modules available and how they
cold help to implement a less insecure than usual shared hosting web
I've not been able to come up with a suitable configuration, looking
at mac_bsdextended, mac_biba and mac_mls, but I think that a MAC
module with the following policies could be very useful for such an
environment. Have I missed anything? Has something similar been done?
The module would (roughly) work as follows:
Defining security levels in a similar way to mac_mls or mac_biba,
we define a range of uids as sysctl variables to be used as
"compartiments". For example,
And it would be implemented so that:
Below a given security level, (mac.mac_uids.enforce_below)
- Any operation of a subject with uid x (between lowuid and highuid)
on an object with uid y (between lowuid and highuid) would fail.
- A subject with a given security level could not modify an object
with a higher security level.
This, combined with a chroot tree would (I think) be much better than
the typical solutions available. The webserver process would be
launched as a low-security subject, and it is assumed that it would
make a setuid() before launching a CGI process. And perhaps it
wouldn't be so hard to modify an existing webserver so that it
changed the uid when serving a page associated with a virtual server,
adding a uid parameter to virtual servers.
What do you think? Ideas? (This is only a quick and dirty idea)
freebsd-securityfreebsd.org mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"