On Thu, Aug 21, 2003 at 01:58:54AM -0500, Dan Nelson wrote: > It does something similar, but uses a C-like language to control a > processes actions. This lets you get extremely fine-grained control > (allow httpd to bind to only port 80, once), but the rules run as > "root", so they can grant as well as revoke privileges. A useful > modification would be to allow users to submit their own policies that > can only disallow actions (i.e. all arguments and process variables are > read-only, and the script can either pass the syscall through or return > a failure code, nothing else).
Exercise for the reader: find a situation where the failure to perform a syscall that normally succeeds, leads to privilege escalation :-) Kris
pgp00000.pgp
Description: PGP signature
