|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: CVS commit: src/etc
From: Steven M. Bellovin (smb
cs.columbia.edu)
Date: Wed Apr 06 2005 - 17:51:16 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In message <EA4F2C46-75A0-427F-AB5D-39CDD0130963shagadelic.org>, Jason Thorpe
writes:
>
>On Apr 6, 2005, at 12:20 PM, Steven M. Bellovin wrote:
>
>>> What about introducing a concept of nonce-uids? Each process would
>>> be assigned a temporary uid distinct from all other extant
>>> uids. This would be even more powerful than the
>>> dummy-uid-per-daemon model, since it would prevent (say) two
>>> pflogd processes from interfering with each other.
>>>
>>
>> A good idea, but we still need a way to say what files it can access,
>> which is why I mentioned systrace.
>
>Right, and with systrace, you don't even need separate UIDs. User
>"daemon" plus a well-written systrace policy should pretty much cover
>it.
>
Yup -- but we need the policies and, I suspect, a framework to use them
properly.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]