Subject: Re: SE Linux vs SE NetBSD !!
To: Travis H. <solinym@gmail.com>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 08/26/2006 01:05:13
Travis H. wrote:

> Well, are any NetBSD systems used in e-commerce or ebanking?
> 
> If so, I would want them to protect my financial data the best they could.

I can't comment on this specific issue because I have never looked
into what it takes to secure an "e-commerce or ebanking" system
myself. :)

> Sadly, it seems somewhat common that they leave CC#s in an
> easily-readable log file.  All it takes is some buggy PHP code and
> poof, they're the apache user, and they've got read access to the
> data. 

I thought file-system ACLs solve this issue?

> Sometimes they don't need a shell, just a way to read the file
> from within PHP.  I don't recall if SELinux has the capability of
> granting append-only access, but even if it doesn't you could write a
> little "log append" program and grant execute and change domain access
> to it and then the apache user ID could be denied direct access to the
> file (you can think of it like a small SUID application, except you'd
> be doing it with domains instead of UIDs). 

That sounds like a *lot* more work than I'd like us to require; in fact,
that seems like a terribly complicated solution to a problem that I'm
almost sure was already solved by simpler means. :)

> I know this isn't a
> perfect example, in that you could do it with UIDs or maybe with
> append-only attributes on the logfile, so please don't focus on
> nitpicking the example; it's the best I could think of on short
> notice.

I'm hardly nit-picking the specific example, but I am still curious
whether an SELinux-like environment solves these problems in ways
kauth(9) can't.

-e.

-- 
Elad Efrat