| Subject: | Re: Security Model/Target for FreeBSD or 4.4? | |
|---|---|---|
| From: | Jonathan M. Bresler (...@) | |
| Date: | Jul 7, 1997 11:53:12 am | |
| List: | org.freebsd.freebsd-security | |
hmm....from memory:
jan-simon pendry created a filesystem called portals for just this purpose of allowing non-root processes access to low numbered ports using filesystem permissions. put sendmail as user sendmail and only let user sendmail read/write to port 25. the 4.4BSD ssm (system ... manual) has a usenix paper on portals
jmb
Adam Shostack wrote:
I brought up the idea of doing this on the openbsd list. We agreed that there wasn't a clean way to do it. I'm experimenting with ways of doing it, leaning towards a sysctl controlled list of port, gid pairs. I don't know of anyone who has implemented it.
The overhead should be pretty minimal.
I chose not to depend on files, which is ugly, but not so ugly as having the kernel depend on files during startup.
The other thought that has occurred to me, but I expect it to be more expensive, is to use a packet filter with NAT capabilities to translate port bindings to high numbers for appropriate daemons. Since this has a per packet hit, I expect it to be very expensive on an ongoing basis.
Adam
Robert N Watson wrote:
I've heard that OpenBSD now has a feature to allow non-root users to bind to <1024 ports. It would be nice to see something similar to that under FreeBSD -- half the daemons (not a verified figure) that run as root probably don't need root access, except to bind to the port (named, sendmail, web servers, etc.) I believe the OpenBSD implementation just gives this access to the daemon user (or something to that extent? Would love details), but perhaps we could go for something a little more sophisticated if it doesn't up the overhead too much on the kernel? A limited list of (port, user) (say a max of 64, except as configured in the kernel), and if the bind() call matches this for TCP, allow the program to bind, for example. An appropriate root-owned file (/etc/rc.conf?) could define those permissions in an ipfirewall-style setup, running early in the rc sequence.
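
The bounded permission table discussed in this message, as an added example that is not part of the original thread and is not FreeBSD or OpenBSD code: a user-space C model of the check a bind() path could make against a list of (port, gid) pairs, capped at 64 entries. All names (`portacl_add`, `portacl_may_bind`, `RESERVED_LIMIT`, `PORTACL_MAX`) and the sample uid/gid values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

#define RESERVED_LIMIT 1024 /* ports below this normally need root */
#define PORTACL_MAX 64      /* table cap suggested in the thread */
struct portacl_entry { uint16_t port; gid_t gid; };
struct portacl { size_t n; struct portacl_entry e[PORTACL_MAX]; };

/* Add a (port, gid) pair: 0 on success, -1 if not a reserved port or full. */
int portacl_add(struct portacl *acl, uint16_t port, gid_t gid)
{
    if (port == 0 || port >= RESERVED_LIMIT)
        return -1;              /* only reserved ports belong in the table */
    for (size_t i = 0; i < acl->n; i++)
        if (acl->e[i].port == port && acl->e[i].gid == gid)
            return 0;           /* duplicate pair, already present */
    if (acl->n >= PORTACL_MAX)
        return -1;
    acl->e[acl->n++] = (struct portacl_entry){ port, gid };
    return 0;
}

/* Model of the decision at bind() time: 1 = allow, 0 = deny. */
int portacl_may_bind(const struct portacl *acl, uid_t euid,
                     const gid_t *groups, size_t ngroups, uint16_t port)
{
    if (port == 0 || port >= RESERVED_LIMIT)
        return 1;               /* ephemeral or unprivileged port */
    if (euid == 0)
        return 1;               /* root keeps the traditional right */
    for (size_t i = 0; i < acl->n; i++) {
        if (acl->e[i].port != port) continue;
        for (size_t g = 0; g < ngroups; g++)
            if (groups[g] == acl->e[i].gid)
                return 1;       /* caller is in a group granted this port */
    }
    return 0;                   /* default deny for reserved ports */
}

int main(void)
{
    struct portacl acl = {0};
    gid_t smtp[] = {25};        /* constructed gid for a mail group */
    portacl_add(&acl, 25, 25);
    printf("%d %d\n", portacl_may_bind(&acl, 125, smtp, 1, 25),
           portacl_may_bind(&acl, 125, smtp, 1, 53));
    return 0;
}
```

The grant is per port, so a daemon allowed to bind port 25 is still refused on every other reserved port.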





