current-users: Re: Privilege Elevation with systrace

Subject: Re: Privilege Elevation with systrace
To: None <current-users@netbsd.org>
From: Martin J. Laubach <mjl@usenet-2002-07.emsi.priv.at>
List: current-users
Date: 10/12/2002 10:00:37

| > netbsd-socket: sockdom eq "AF_INET" and socktype eq "SOCK_RAW" then \
| > permit as root

  Can such a policy be encoded in the program itself? I just had
a flash of daymare where nothing normally suid works any more because
I trashed my policy description file (or the systrace binary).

	mjl