Subject: Re: finer grained IPNOPRIVPORTing
To: Eric Haszlakiewicz <erh@jodi.nimenees.com>
From: Daniel Carosone <dan@geek.com.au>
List: tech-kern
Date: 05/26/2005 19:14:52

On Wed, May 25, 2005 at 10:11:53AM -0500, Eric Haszlakiewicz wrote:
> If you always need to run the systrace binary, how does that help
> get rid of setuid binaries if, in order to enable the privilege elevation,
> you need to be root to start with?

There are a number of ways, one already pointed out.  For the original
purpose described (daemons binding sockets) they're typically started
from rc scripts (or inetd) as root, and systrace can invoke the
program as some other user via -c.

Note also that "privilege elevation" is potentially misnamed; there's
no reason you can't write a systrace policy for a process running as
root to say that most of its syscalls happen as some low-privilege
user (rather than use -c) or multiple such users, if that suits your
needs.

--
Dan.
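As an added illustration (not part of Dan's message or any NetBSD policy), a sketch of the kind of policy described above: the daemon is started as root by rc, only the bind to the privileged port keeps root credentials, and every other call is executed as a low-privilege user. The daemon path /usr/sbin/httpd and the user www are assumptions; rule syntax follows the systrace(1) policy format with the netbsd emulation.

```text
Policy: /usr/sbin/httpd, Emulation: netbsd
        netbsd-bind: sockaddr match "inet-*:80" then permit
        netbsd-listen: permit as www
        netbsd-accept: permit as www
        netbsd-open: filename eq "/etc/httpd.conf" then permit as www
        netbsd-open: filename match "/var/www/*" then permit as www
        netbsd-read: permit as www
        netbsd-write: permit as www
        netbsd-close: permit as www
        netbsd-exit: permit
```

The bind rule carries no `as` clause and so runs with the process's own (root) credentials; a syscall not matched by any rule is not permitted by this fragment.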
