current-users: Re: Miscellaneous OS features: capabilities

Subject: Re: Miscellaneous OS features: capabilities
To: David Young <dyoung@pobox.com>
From: Gary Thorpe <gathorpe79@yahoo.com>
List: current-users
Date: 08/10/2003 22:29:34
Can systrace do/implement this or is it another matter entirely? 

 --- David Young <dyoung@pobox.com> wrote: > On Fri, Aug 08, 2003 at
07:39:22AM -0400, Sporleder, Matthew
> (CCI-Atlanta) wrote:
> > Speaking of de-rooting-
> > Could you just add a /dev/ports/ directory or something along those
> lines to
> > then chown specific ports to any user you wanted: <daemon>d, for
> example?
> 
>   Take it a step further. Grant the daemon *process* only the
> privileges
>   it needs, using the imaginary "cap" command.
> 
> CAP(1)                       NetBSD Reference Manual                 
>    CAP(1)
> 
> NAME
>      cap - an imaginary program which runs a command with restricted
>            privileges
> 
> SYNOPSIS

>      cap [capabilities] [command [arguments]]
> 
> DESCRIPTION
>      cap runs a command with only the capabilities assigned to it on
> the
>      cap command line. Capabilities are assigned using the options
> -u,
>      -c, -C, -m, -b, -l, -R, -i, -o, -s, -r, -w, -a, and -x.
> 
>      -b port/proto       command may bind the given port
>      -l port/proto       command may listen(2) for connections on the
>                          given port
>      -R host:port/proto  command may connect(2) to the given
> host/port
>      -i nblocks          command may read only nblocks blocks from
> any
>                          disk in a second
>      -o nblocks          command may write only nblocks blocks from
> any
>                          disk in a second
>      -s nblocks:dev      command may store only nblocks blocks on the
>                          block device dev
>      -r filename         command may read from the given file
>      -w filename         "       "   write to  "   "     "
>      -a filename         "       "   append to "   "     "
>      -x filename         "       "   execute   "   "     "
>      -n filename         "       "   create    "   "     "
>      -c secs             command (and children if -g; see below) may
> use
>                          at most secs seconds, total.
>      -C millisecs        command (and children if -g; see below) may
> run
>                          for at most millisecs milliseconds in a
> second.
>      -m size [k|m|p]     maximum core size for this command and all
> of its
>                          children in kilobytes (k), megabytes (m), or
> pages (p)
>      .
>      .
>      .
> 
>      Run a command with no capabilities to find out the minimal
>      capabilities it requires, if that information was compiled
>      into the executable.
> 
>      There is a capability modifier, -g. All of the capabilities
> following
>      -g may be delegated to child processes.
> 
>      Et cetera, et cetera.
> 
> Dave
> 
> -- 
> David Young             OJC Technologies
> dyoung@ojctech.com      Urbana, IL * (217) 278-3933 

______________________________________________________________________ 
Post your free ad now! http://personals.yahoo.ca