DragonFly users List (threaded) for 2008-06
DragonFly BSD
DragonFly users List (threaded) for 2008-06
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: OT: setrlimit equivalent to prevent unlink or truncate


From: Oliver Fromme <check+k1tvww00rsyn872l@xxxxxxxxxx>
Date: 02 Jun 2008 09:30:58 GMT

Johannes Hofmann wrote:
 > Yes, the latter. In a program I want to exec another binary with
 > limited privileges.

The traditional UNIX way is to exec that other binary as
an unprivileged user, e.g. "nobody".  The problem is that
you must be root to call setuid() in the first place.
You can use sudo(8) or super(1) for that purpose.

Of course the problem could be solved in a much better
way with mandatory access control (MAC), which requires
appropriate support from the OS.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]