Pawel Jakub Dawidek
nick at garage.freebsd.pl
Tue Aug 26 03:01:34 PDT 2003
On Fri, Aug 01, 2003 at 06:12:46PM -0700, Matthew Dillon wrote:
+> Consider the difference between running something like named as we run
+> it now, even in a chroot'd environment, versus running something like
+> named in a restricted environment which has the rules:
+> * R/W allowed in /etc/namedb/s, /etc/namedb/run, and
+> * /dev access only to /dev/null and /dev/zero
+> * read-access to standard /etc config files for libc support,
+> which does NOT include access to the password file.
+> * no ability to run suid/sgid programs or to connect to any
+> socket resource other than port X, Y, and Z.
+> * no other access (no ability to exec suid/sgid programs, no
+> ability to access other socket resources, no ability to access
+> random devices in /dev, no ability to run esoteric system calls
+> that named has no business running, whether they are supposed to
+> be secure or not. No ability to access the password file or
+> The same can be said for Apache, sendmail, and just about any other
+> service one might run, as well as programs like sudo which are
+> ridiculously dangerous.
You can look at my project - CerbNG which provides such functionality in
its own way:
and here are example policies:
I'm considering porting CerbNG to DFly while it is based on FreeBSD 4.x.
Pawel Jakub Dawidek pawel at xxxxxxxxxxx
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net
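To make the rule set quoted above concrete, here is an added toy policy evaluator (written for this archive page; it is not CerbNG's policy language or code, and it is not anything the poster published). It models the restricted environment as a default-deny allowlist: read/write only under /etc/namedb/s and /etc/namedb/run, /dev limited to null and zero, read-only access to a handful of libc config files (the exact file names are my assumption), the password files explicitly denied even if the /etc allowlist were later widened, connections only to an assumed port set standing in for "port X, Y, and Z", and no exec of set-uid/set-gid images. The request lines are constructed samples, and the path normalization step shows the check a prefix-based rule needs so that ".." cannot walk out of an allowed directory.

```python
"""Toy default-deny policy evaluator modelled on the quoted rules.
Added example only: not CerbNG, not part of the original message."""
import posixpath

# Assumed concrete values standing in for the rules in the message.
ALLOWED_RW_PREFIXES = ("/etc/namedb/s", "/etc/namedb/run")
ALLOWED_RO_PATHS = {            # "standard /etc config files for libc support" (assumed set)
    "/etc/resolv.conf", "/etc/hosts", "/etc/localtime", "/etc/nsswitch.conf",
}
DENIED_PATHS = {                # the password file and its db forms: deny always wins
    "/etc/passwd", "/etc/master.passwd", "/etc/pwd.db", "/etc/spwd.db",
}
ALLOWED_DEVICES = {"/dev/null", "/dev/zero"}
ALLOWED_PORTS = {53, 953}       # stand-ins for "port X, Y, and Z"
S_ISUID, S_ISGID = 0o4000, 0o2000


def _normalize(path):
    # Collapse "." and ".." before any prefix comparison. Without this,
    # "/etc/namedb/run/../../passwd" would pass a naive startswith() test.
    return posixpath.normpath(path)


def _under(path, prefix):
    # Match the directory itself or anything below it, but not a sibling
    # that merely shares the prefix string (e.g. "/etc/namedb/runaway").
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def check_open(path, write):
    """Return True if opening `path` (for writing if `write`) is allowed."""
    p = _normalize(path)
    if p in DENIED_PATHS:                      # explicit deny beats any allow
        return False
    if p.startswith("/dev/"):                  # devices: only the two listed
        return p in ALLOWED_DEVICES
    if any(_under(p, pre) for pre in ALLOWED_RW_PREFIXES):
        return True                            # R/W inside the named dirs
    if not write and p in ALLOWED_RO_PATHS:
        return True                            # read-only libc config files
    return False                               # everything else: denied


def check_connect(port):
    """Only the enumerated ports may be connected to."""
    return port in ALLOWED_PORTS


def check_exec(path, mode):
    """No set-uid/set-gid images, wherever they live. `mode` is st_mode."""
    return not (mode & (S_ISUID | S_ISGID))


def evaluate(requests):
    """Evaluate constructed (kind, args...) requests; return [(request, allowed)]."""
    decisions = []
    for req in requests:
        kind = req[0]
        if kind == "open":
            allowed = check_open(req[1], req[2])
        elif kind == "connect":
            allowed = check_connect(req[1])
        elif kind == "exec":
            allowed = check_exec(req[1], req[2])
        else:
            allowed = False                    # unknown operation: deny
        decisions.append((req, allowed))
    return decisions


def denied(requests):
    """Convenience: just the requests the policy would refuse."""
    return [req for req, ok in evaluate(requests) if not ok]


if __name__ == "__main__":
    SAMPLE = [                                 # constructed sample requests
        ("open", "/etc/namedb/run/named.pid", True),
        ("open", "/etc/namedb/run/../../passwd", False),
        ("open", "/etc/namedb/runaway", True),
        ("open", "/dev/null", True),
        ("open", "/dev/kmem", False),
        ("open", "/etc/resolv.conf", False),
        ("open", "/etc/resolv.conf", True),
        ("connect", 53),
        ("connect", 22),
        ("exec", "/usr/bin/su", 0o104755),
        ("exec", "/usr/sbin/named", 0o100755),
    ]
    for req, ok in evaluate(SAMPLE):
        print("ALLOW" if ok else "DENY ", req)
```

Running it prints one ALLOW/DENY line per sample request; the interesting denials are the normalized "../../passwd" open, the sibling-directory "runaway" write, and the set-uid exec, all of which a chroot alone would not stop.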