Subject: Re: extending chroot()
To: Steve Bellovin <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 01/16/2003 16:41:51
>I'd like to be able to "jail" various untrusted applications, such as
>my netbrowser. Chroot() is the obvious choice, but it requires root
>privileges. However -- supposed we changed chroot() so that it didn't
>require root, but if executed by a non-root process, setuid and setgid
>would not be honored. More precisely, we change the code in
>exec_script and kern_exec that checks the setuid/setgid bits; if
>cwdi_rdir is non-null, don't honor those bits.
could you use systrace in conjunction with chroot() to accomplish what
>Comments? (I wish that socket() went through the file system, so that
>I could restrict network access that way, too.)
systrace can implement access control on source/destination addresses,
though i've not tried anything complex with it yet.
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."
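For the address-based restriction mentioned above, here is what a systrace policy for a browser might look like. This is an added example, not part of the original message and not code from NetBSD or systrace itself; the binary path /usr/pkg/bin/browser and the resolver address 127.0.0.1 are assumptions, and the rules follow the sockaddr matching syntax documented in systrace(1).

```text
Policy: /usr/pkg/bin/browser, Emulation: native
	native-connect: sockaddr eq "inet-[127.0.0.1]:53" then permit
	native-connect: sockaddr match "inet-*:80" then permit
	native-connect: sockaddr match "inet-*:443" then permit
	native-connect: deny[eperm]
	native-bind: deny[eperm]
	native-setuid: deny[eperm]
	native-setgid: deny[eperm]
```

The first three rules allow DNS to the local resolver and outbound HTTP/HTTPS to any host; the catch-all on connect and bind then refuses every other network operation with EPERM, which is the filesystem-style restriction on socket() that the quoted message wishes for. The setuid/setgid rules cover the other half of the proposal (a jailed process that never gains privilege) without needing the kernel change to chroot(). Run the browser under systrace -a so the policy is enforced automatically rather than interactively.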