Subject: Re: finer grained IPNOPRIVPORTing
To: None <tech-kern@NetBSD.org>
From: None <zyp@charm.at>
List: tech-kern
Date: 05/26/2005 03:52:14
Eric Haszlakiewicz <erh@jodi.nimenees.com> wrote:
> On Wed, May 25, 2005 at 08:57:36AM +1000, Daniel Carosone wrote:
>> On Wed, May 25, 2005 at 12:47:15AM +0200, Michael S. wrote:
>>> I was thinking about privileged ports could be bound depending on
>>> having entries in a file (e.g. /etc/privports) with application name
>>> and port number it is allowed to bind without being root.
>> 
>> systrace already supports this, and much more.
> 
> When you want to use systrace policies, do you always need to run the
> programs with "systrace <foo>", or is there a systrace daemon
> somewhere that checks the policies for all programs that are run?  Or,
> do the policies end up loaded into the kernel somehow, like ipf rules?

They end up in the kernel, and a userland utility has to be involved.
                           
# Access to the systrace facility is provided to userland processes,
# such as systrace(1), through an ioctl(2) interface on the
# pseudo-device /dev/systrace. This interface allows messages to be
# sent from the kernel to the userland process to request confirmation
# of an access policy.

> If you always need to run the systrace binary, how does that
> help get rid of setuid binaries if, in order to enable the privilege
> elevation, you need to be root to start with?

It has to have root privilege, that's why it isn't as useful as it would
be. But it's not bad. The way it is done in veriexec would be also
preferable in this case, I think.