> First of all I did not express myself very clearly (for the ones who replied): I said virtual shared environment, not virtual machine, so I am not talking about VMware or other software like that. My main concern is the security in a server (e.g. a webhosting provider) where multiple users are hosted, and everybody must be restricted from getting out of his own home.

Immunix SubDomain http://immunix.org/subdomain.html does exactly what you want. You can write a profile per CGI script that describes the set of files the script may read, write, and execute. The profile is written using regular expressions, so you can add flexibility to it. The profile can be applied as a global default, or per script. It can even be applied when you are using mod_perl or mod_php, when there is no actual call to exec(). Here's a screen shot of what a profile looks like: http://immunix.org/subdomain.html

> The jail(8) solution seems fair to me, because I use FreeBSD on all servers,

That is unfortunate, as SubDomain is Linux only.

To those complaining that this has nothing to do with "secure coding": I disagree. This is a meta-language describing the permitted behavior of applications. It is secure coding in another form, with several attractive properties:

* It is a meta-language, so it does not interfere with the structure of the base program.
* It can be applied to closed-source binaries.
* It is purely declarative, so it is easy to construct assurance arguments based on the content of the SubDomain profile.

Crispin

-- 
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
Immunix 7.3 http://www.immunix.com/shop/
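As an added illustration of the idea in the message above (it is not part of the original post, and it is not SubDomain's real profile syntax or enforcement code), the following Python sketch models a per-script, declarative file-access profile: each CGI script gets lists of regular expressions for the files it may read, write and execute, with a global default profile for scripts that have none of their own. The script paths, patterns and the access trace are all constructed sample values. The one practical point it adds to the prose is that paths must be canonicalized before they are matched, otherwise a `..` segment hidden behind a permissive `.*` pattern would match a path the profile never meant to allow.

```python
"""Toy per-script file-access profile checker (constructed illustration).

Models the idea described in the message: each CGI script gets a declarative
profile listing, as regular expressions, the files it may read, write and
execute, with a global default for scripts that have no profile of their own.
This is NOT SubDomain's real profile syntax or enforcement code.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Profile:
    name: str
    read: List[str] = field(default_factory=list)
    write: List[str] = field(default_factory=list)
    execute: List[str] = field(default_factory=list)

    def permits(self, op: str, path: str) -> bool:
        """True if some pattern for `op` matches the *whole* normalized path."""
        patterns = {"read": self.read, "write": self.write, "exec": self.execute}[op]
        # Canonicalize first, so "dir/../../etc/passwd" is judged as "/etc/passwd";
        # matching the raw string against ".*" would let such a path through.
        canonical = os.path.normpath(path)
        return any(re.fullmatch(p, canonical) for p in patterns)


# Global default (constructed): enough to start a typical script, no writes, no exec.
DEFAULT_PROFILE = Profile(
    name="default",
    read=[r"/usr/lib/.*\.so(\.\d+)*", r"/etc/ld\.so\.cache", r"/usr/share/zoneinfo/.*"],
)

# Per-script profiles keyed by script path (constructed sample values).
PROFILES: Dict[str, Profile] = {
    "/var/www/cgi-bin/guestbook.cgi": Profile(
        name="guestbook",
        read=DEFAULT_PROFILE.read + [r"/var/www/guestbook/[^/]+\.html"],
        write=[r"/var/www/guestbook/entries\.txt"],
        execute=[],  # this script may not exec anything at all
    ),
}


def profile_for(script: str) -> Profile:
    """Per-script profile if one exists, otherwise the global default."""
    return PROFILES.get(script, DEFAULT_PROFILE)


def check_access(script: str, op: str, path: str) -> bool:
    """Decide one attempted access (op in {"read", "write", "exec"})."""
    return profile_for(script).permits(op, path)


def audit(script: str, trace: List[Tuple[str, str]]) -> List[Tuple[str, str, bool]]:
    """Evaluate a trace of (op, path) attempts; return (op, path, allowed) decisions."""
    return [(op, path, check_access(script, op, path)) for op, path in trace]


# Constructed sample trace of what the guestbook script tries to touch.
SAMPLE_TRACE = [
    ("read", "/usr/lib/libc.so.6"),
    ("read", "/var/www/guestbook/template.html"),
    ("write", "/var/www/guestbook/entries.txt"),
    ("read", "/etc/passwd"),
    ("write", "/var/www/guestbook/../../../etc/passwd"),
    ("exec", "/bin/sh"),
]

if __name__ == "__main__":
    for op, path, ok in audit("/var/www/cgi-bin/guestbook.cgi", SAMPLE_TRACE):
        print(f"{'ALLOW' if ok else 'DENY ':5} {op:5} {path}")
```

Because the profile is data rather than code, the assurance argument Crispin mentions is straightforward to make from it: the `write` and `execute` lists of a profile are the complete statement of what the script can change or launch, and a reviewer can read them without reading the script.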
