On Wed, May 25, 2005 at 10:11:53AM -0500, Eric Haszlakiewicz wrote:
> On Wed, May 25, 2005 at 08:57:36AM +1000, Daniel Carosone wrote:
> > On Wed, May 25, 2005 at 12:47:15AM +0200, Michael S. wrote:
> > > I was thinking about privileged ports could be bound depending on having
> > > entries in a file (e.g. /etc/privports) with application name and port
> > > number it is allowed do bind without beeing root. 
> > 
> > systrace already supports this, and much more.
> 
> 	hmm.. I'm a little confused as to how systrace is supposed to work.
> 
> When you want to use systrace policies, do you always need to run the
> programs with "systrace <foo>", or is there a systrace daemon somewhere
> that checks the policies for all programs that are run?  or, do the policies
> end up loaded into the kernel somehow, like ipf rules?
> 
> 	If you always need to run the systrace binary, how does that help
> get rid of setuid binaries if, in order to enable the privilege elevation,
> you need to be root to start with?
> 
> eric

Well, I don't know if this is the "proper" way, but previously I've:

1. created a small setuid wrapper utility (/sbin/sp)
2. moved the setuid utilities to /sbin/setuid and done a chmod -s
3. chown root:wheel /sbin/setuid; chmod 700 /sbin/setuid
4. ln -s /sbin/sp /sbin/ping # e.g.
5. the wrapper searches /sbin/setuid for the app
6. the wrapper calls the app with "-a -U -c <your uid>:<your gid>" to drop privs
7. systrace enforces your policies

-- 
Michael Santos
mike@ethmoid.org