* From: Paul Schenkeveld <[EMAIL PROTECTED]> [ Date: 2002-09-22 ] [ Subject: Just a wild idea ]

> Hi All,
>
> I've been playing with jails for over 2 years now. I really like
> them but we often use them to run a process as root with reduced
> power only to get access to TCP and UDP ports below 1024.
>
> For many applications however, for example lpd, named, sendmail,
> tac_plus and others, it would be more than good enough to run that
> program as a normal, non-root user provided there is a way to bind
> to that single low TCP and/or UDP port that the program needs access
> to.
The problem is that suser(9) sucks. I had a nice system which used gids and
fell back to uid 0, but the gids were sysctl tunables, and were very
fine-grained (in as much as they could be), and uid 0 could be disabled. I
don't have it anymore, but it's pretty trivial to implement.

Lots of people want suser(9) to die, and I have spoken a bit with rwatson@ on
this subject, and I seem to recall that with the intro of MAC, he had some
ideas for killing off suser(9)... Maybe just replace all suser(9) uses with
MAC credential checks, and install MAC_UNIX by default, which would be set up
to behave like ye olden UNIX... Who knows.

Anyway, your idea strikes me as not generalised enough to justify itself. In
a "local FreeBSD mods" way, it might do the job great for you, but a more
generalised approach is likely better. You are picking one of the symptoms of
the problem of UNIX historically having this admittedly-thick security
methodology and working around the problem. Attacking the problem is likely
to be easier, and more elegant, too :)

juli.
-- 
Juli Mallett <[EMAIL PROTECTED]>          | FreeBSD: The Power To Serve
Will break world for fulltime employment. | finger [EMAIL PROTECTED]
http://people.FreeBSD.org/~jmallett/      | Support my FreeBSD hacking!
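As an added example (not code from this thread and not FreeBSD kernel code), here is a userland C simulation of the finer-grained privilege check Juli sketches in place of suser(9): each privilege maps to a group ID that an administrator can tune (standing in for the sysctl tunables he mentions), and the implicit "uid 0 gets everything" fallback is a switch that can be turned off. The privilege names, the `sim_ucred`/`priv_policy` structs, the `priv_check`/`can_bind_port` helpers and the gid 5000 "bindlow" group are all invented for the demonstration.

```c
/*
 * Illustrative userland simulation (added example, not FreeBSD kernel code)
 * of a gid-based replacement for suser(9): every privilege maps to a
 * tunable group ID, with a fallback to uid 0 that can be disabled.
 * Privilege names, struct names, helper names and gids are invented.
 */
#include <errno.h>
#include <stdio.h>

#define NGROUPS_SIM 16
#define NO_GROUP    (-1)   /* tunable value meaning "no group is granted this" */

typedef enum {
    PRIV_BIND_LOW_TCP = 0, /* bind a TCP port below 1024 */
    PRIV_BIND_LOW_UDP,     /* bind a UDP port below 1024 */
    PRIV_RAW_SOCKET,       /* open a raw socket */
    PRIV_COUNT
} priv_t;

/* Stand-in for struct ucred: effective uid plus supplementary groups. */
struct sim_ucred {
    int uid;
    int ngroups;
    int groups[NGROUPS_SIM];
};

/* The tunables: which gid is granted each privilege, and whether uid 0
 * still implicitly gets everything (the classic suser(9) behaviour). */
struct priv_policy {
    int gid_for[PRIV_COUNT];
    int allow_uid0;
};

static int cred_has_gid(const struct sim_ucred *cr, int gid)
{
    for (int i = 0; i < cr->ngroups; i++)
        if (cr->groups[i] == gid)
            return 1;
    return 0;
}

/* Replacement for suser(): 0 if cr holds priv, otherwise an errno value.
 * Group membership is consulted first; uid 0 only matters if the
 * fallback is enabled, so an unprivileged daemon never needs root. */
int priv_check(const struct priv_policy *pol, const struct sim_ucred *cr, priv_t priv)
{
    int gid;

    if ((int)priv < 0 || (int)priv >= PRIV_COUNT)
        return EINVAL;
    gid = pol->gid_for[priv];
    if (gid != NO_GROUP && cred_has_gid(cr, gid))
        return 0;
    if (pol->allow_uid0 && cr->uid == 0)
        return 0;
    return EPERM;
}

/* Gate in front of bind(2): only ports below 1024 consult priv_check,
 * and TCP and UDP are separate privileges so a daemon gets just one. */
int can_bind_port(const struct priv_policy *pol, const struct sim_ucred *cr, int port, int is_udp)
{
    if (port < 0 || port > 65535)
        return 0;
    if (port >= 1024)
        return 1;
    return priv_check(pol, cr, is_udp ? PRIV_BIND_LOW_UDP : PRIV_BIND_LOW_TCP) == 0;
}

/* Scalar convenience wrapper so a whole scenario fits in one call:
 * returns 1 if a process with (uid, gid) may bind the given port. */
int bind_allowed_for(int tcp_gid, int udp_gid, int allow_uid0,
                     int uid, int gid, int port, int is_udp)
{
    struct priv_policy pol = { { tcp_gid, udp_gid, NO_GROUP }, allow_uid0 };
    struct sim_ucred cr = { uid, 1, { gid } };
    return can_bind_port(&pol, &cr, port, is_udp);
}

int main(void)
{
    /* Constructed scenario: a "bindlow" group (gid 5000) is granted TCP
     * low ports only, and the uid 0 fallback is switched off. */
    printf("named (uid 1001, gid 5000) bind tcp/53: %s\n",
           bind_allowed_for(5000, NO_GROUP, 0, 1001, 5000, 53, 0) ? "allowed" : "denied");
    printf("named (uid 1001, gid 5000) bind udp/53: %s\n",
           bind_allowed_for(5000, NO_GROUP, 0, 1001, 5000, 53, 1) ? "allowed" : "denied");
    printf("root, uid 0 fallback disabled, tcp/53:  %s\n",
           bind_allowed_for(5000, NO_GROUP, 0, 0, 0, 53, 0) ? "allowed" : "denied");
    printf("root, classic uid 0 fallback, tcp/53:   %s\n",
           bind_allowed_for(5000, NO_GROUP, 1, 0, 0, 53, 0) ? "allowed" : "denied");
    return 0;
}
```

The point of the split into separate TCP and UDP privileges, and of the switchable uid 0 fallback, is the one Juli makes: the daemon from the original post gets exactly the one low port it needs without ever being root, and an administrator who disables the fallback can no longer grant "everything" by accident just because a process happens to run as uid 0.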