Firewall Wizards mailing list archives

Re: Securing FreeBSD 2.1.7.1


From: marc () sniff ct-net de
Date: Wed, 18 Feb 1998 20:52:25 +0000 (GMT)

Hello!

nuqneH,
(klingonase? ;-)

I am thinking of "hardening" a FreeBSD 2.1.7.1 system to run a firewall on
top of it.. by implementing "securelevel 3" with some system calls
disabled/wrapped - like mount, mknod.. what else? Any ideas?

After some work integrating chroot() and setuid(nonroot)
into sendmail, bind, [...] to secure my server a little bit 
I had to realize that hardening pop3 and ftp means to rewrite 
the existing code (qualcomm's popper and Wietse Venema's ftpd).
Because these programs have to run as root for some time, chroot()
isn't really a security win. You have to split the code into an
authentication part and the part which does the real job, linked
by a small change-uid program. (well, this is at least one way to
deal with the problem). *sigh*

The idea? Special privileges for some UID's. Imagine UID's able
to change the uid to a value above some threshold but not down
to zero/root. Perfect to run popper or ftpd in a secured manner.
Or UID's able to bind to port 80 but nothing else, so the httpd
is not able to set up outgoing connections by a CGI running wild.
(o.k, I would not put apache/whatever on a firewall at all ;-)

So one could run even very complex software without compromising
the whole system (and the software will fail someday, right?).

Maybe using the bits of a UID as on/off switches for these
privileges could be a simple way to store the information?

(I have to admit, I am not a CS/kernel expert.)


Regards, Marc
-- 
Marc Binderberger                                 97076 Wuerzburg, Germany
marc () sniff ct-net de                              Powered by FreeBSD ;-)
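
The "small change-uid program" and the uid threshold described in the message above, as an added example that is not code from the original post: the authentication part, still running as root, would exec this helper, which confines itself and switches to an unprivileged id before starting the worker. The name chuid, the threshold of 1000 and applying the same threshold to the gid are assumptions.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot() and setgroups() */
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define MIN_ID 1000UL       /* assumed threshold, constructed value */

/* Strict decimal parse: strtoul alone would accept "-1", " 5" or "12abc". */
int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > INT_MAX) return -1;
    *out = v;
    return 0;
}

/* Policy from the mail: only ids at or above a threshold, never 0/root. */
int id_allowed(unsigned long id, unsigned long min_id)
{
    return id != 0 && id >= min_id;
}

/* Confine to jail, then give up root for good. Order matters: chroot and
 * setgroups need root, and the gid must change before the uid. */
int drop_to(const char *jail, uid_t uid, gid_t gid)
{
    if (!id_allowed(uid, MIN_ID) || !id_allowed(gid, MIN_ID)) { errno = EPERM; return -1; }
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(1, &gid) != 0) return -1;   /* clear root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) { errno = EPERM; return -1; }  /* regaining root must fail */
    return 0;
}

/* usage: chuid <jail> <uid> <gid> <program> [args...]; program path is inside the jail */
int main(int argc, char **argv)
{
    unsigned long uid, gid;
    if (argc < 5 || parse_id(argv[2], &uid) || parse_id(argv[3], &gid)) return 2;
    if (drop_to(argv[1], (uid_t)uid, (gid_t)gid) != 0) { perror("chuid"); return 1; }
    execv(argv[4], &argv[4]);
    perror("execv");
    return 1;
}
```

The helper has to be started as root by the authentication part; the worker it execs then has no path back to uid 0.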


