DragonFly On-Line Manual Pages



PRIVMAN(7)                       Miscellaneous                      PRIVMAN(7)

NAME

Privman - A library for privilege separation.

DESCRIPTION

Privman is a library that makes it easy for programs to use privilege separation, a technique that prevents the leak or misuse of privilege by applications that must run with some elevated permissions. Privman-managed processes can implement fine-grained control of root privilege on common Unix-based operating systems. Applications that use the Privman library split into two halves: the half that performs valid privileged operations, and the half that contains the application's logic. The Privman library simplifies the otherwise complex task of separating the application, protecting the system from compromise if an error in the application's logic is found. The library uses configuration files (privman_conf(5)) to allow fine-grained access control decisions for the privileged operations, limiting exposure in the event of an attack against the application. If the application is compromised, the attacker gains only the privileges of an unprivileged user, plus the specific privileges granted to the application by the application's Privman configuration file.

FILES

${prefix}/etc/privman.d/*
        Application-specific configuration files. See privman_conf(5) for further details.

${prefix}/include/privman.h
        The include file for the library.

${exec_prefix}/lib/libprivman.so
        The library itself. On most systems, you will need to link against libpam and libpam_misc in addition to libprivman.

OVERVIEW

A Privman-managed program will generally start with a call to priv_init(3). priv_init() splits the process: the still-privileged parent listens to a pipe for requests, and the child drops privilege and returns from priv_init(). After priv_init(), continue normally. When you need to invoke a privileged operation "foo()", use "priv_foo()" instead. For example, if you want your server to bind to a low port, you would pass the socket to priv_bind(3) instead of bind(2).
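The split described above, as an added Python model of the mechanism (example code, not libprivman's own): privsep_init() forks, leaves the parent serving requests on a socketpair and drops privilege in the child, and privsep_bind() asks the parent to bind on the child's behalf and receives the bound socket back over the channel via SCM_RIGHTS. The names privsep_init and privsep_bind, the loopback-only bind, the one-byte status protocol and the uid 65534 drop target are assumptions of this example, not part of Privman; Python 3.9 or later is assumed for socket.send_fds/recv_fds.

```python
import os, socket


def privileged_parent(chan, child_pid):
    """Privileged half: bind 127.0.0.1:port on request and pass the socket to
    the child. A real Privman parent consults the privman.d policy first."""
    while True:
        req = chan.recv(2, socket.MSG_WAITALL)
        if not req:                           # child closed the channel: done
            break
        port = int.from_bytes(req, "big")
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind(("127.0.0.1", port))
            socket.send_fds(chan, [b"\x00"], [s.fileno()])   # status 0 + fd
        except OSError as e:
            chan.sendall(bytes([e.errno]))    # status = errno, no descriptor
        finally:
            s.close()                         # the child now holds its own copy
    _, status = os.waitpid(child_pid, 0)
    code = os.waitstatus_to_exitcode(status)
    os._exit(code if code >= 0 else 1)        # propagate the child's result


def privsep_init(drop_uid=65534):
    """priv_init() analogue: fork; the parent keeps its privilege and serves
    requests until the child exits (it never returns); the child drops to
    drop_uid (65534 is assumed to be "nobody") and gets the request channel."""
    parent_end, child_end = socket.socketpair()
    pid = os.fork()
    if pid > 0:
        child_end.close()
        privileged_parent(parent_end, pid)
    parent_end.close()
    if os.geteuid() == 0:                     # only root has anything to drop
        os.setgroups([])
        os.setgid(drop_uid)
        os.setuid(drop_uid)
    return child_end


def privsep_bind(chan, port):
    """priv_bind() analogue: call this where the application would call bind().
    Returns the bound socket, or raises OSError with the parent's errno."""
    chan.sendall(port.to_bytes(2, "big"))
    status, fds, _, _ = socket.recv_fds(chan, 1, 1)
    if status[0] != 0:
        raise OSError(status[0], os.strerror(status[0]))
    return socket.socket(fileno=fds[0])
```

Asking for port 0 lets the parent pick an ephemeral port; asking for that same port a second time exercises the failure path, since the child still holds the first bound socket.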

BUGS

The API may seem a bit complex. There is no permission checking on the chroot jail for either execve or rerunas.

TODO

priv_fdreopen().

AUTHOR

Network Associates. Send email to <privman@nailabs.com>

SEE ALSO

priv_bind(3), priv_daemon(3), priv_execve(3), priv_fopen(3), priv_fork(3), priv_init(3), privman_conf(5), priv_open(3), priv_pam(3), priv_rerunas(3)

Unix                            SEPTEMBER 2002                       PRIVMAN(7)
