Firewall Wizards mailing list archives
Re: chroot useful?
From: Wolfgang Ley <ley () cert dfn de>
Date: Sun, 16 Nov 1997 20:13:17 +0100 (MET)
-----BEGIN PGP SIGNED MESSAGE----- Marcus J. Ranum wrote:
On the topic of reducing privilege, one thing I've always wanted to do (but never had time for!) is what I'd call "syscall wrappers" for lack of a better term.
You might want to check the "janus" project from Berkeley which does something similar (although the implementation idea is different). You start a binary which is traced by the control program. The control program ctaches all syscalls and compare then against a list of allowed and denied actions. The example implementation runs on Solaris 2.x and does allow several criterias like restricting access to files, network connections etc. For more information see http://www.cs.berkeley.edu/~daw/janus/ The project was also presented on Usenix Sec. 96 (and got the best paper award by the way). Bye, Wolfgang. - -- Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany Email: ley () cert dfn de Phone: +49 40 5494-2262 Fax: +49 40 5494-2241 PGP-Key available via finger ley () ftp cert dfn de any key-server or via WWW from http://www.cert.dfn.de/~ley/ ...have a nice day -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBNG9FywQmfXmOCknRAQG+MQP/Rjos1A7t+cF6fo7608Xs2TsNEy/0rak6 1iUnNACwcloDLMgJCjKJifco4Fr7D7EhrqgiAdQ0i0/tI4/vpj2JT/AN6uTsJ1rV Mto8qij87S/5JRtQCrCzWLvTZ/IdGY/MsZ7TTIvqH4HwlXS3F6agSu/YGlBt3zVO be2Be40W8q8= =5XTW -----END PGP SIGNATURE-----
Current thread:
- Re: chroot useful?, (continued)
- Re: chroot useful? Anton J Aylward (Nov 15)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Rick Murphy (Nov 17)
- Hardening, (was Re: chroot useful?) Marcus J. Ranum (Nov 20)
- Re: Hardening, (was Re: chroot useful?) Paul D. Robertson (Nov 21)
- Re: chroot useful? C. Harald Koch (Nov 20)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 15)
- Re: chroot useful? Wolfgang Ley (Nov 16)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Aleph One (Nov 17)
- syscall wrappers (was Re: chroot useful?) Bennett Todd (Nov 17)
- Re: syscall wrappers (was Re: chroot useful?) George Ross (Nov 20)
- Re: chroot useful? Darren Reed (Nov 20)
- Firewalling DCOM and brethren David C Niemi (Nov 21)
- Re: Firewalling DCOM and brethren Magossa'nyi A'rpa'd (Nov 21)