Displaying 5 results from an estimated 5 matches for "see_other_uid".
2004 Feb 29
2
procfs + chmod = no go
Hello,
I was wondering if it was possible to limit user access on /proc
without having to use securelevels.
For some reason chmod 751 /proc (or 750) does nothing.
Is this possible on FreeBSD 4.9? Can't find anything about it in the
manual pages. Just want to prevent lusers from running:
for file in /proc/*/cmdline; do cat $file; echo; done
Greetz,
Jimmy Scott
2007 Feb 18
1
Secure shared web hosting using MAC Framework
...prevent them from writing to /tmp
Solution:
add a ufs_acl rule to /tmp, this should be read only (for mysql socket and other things that might reside here)
- As much as possible, web users should have a limited view of the systems
Solution:
use the following sysctl variable
security.bsd.see_other_uids=0
security.bsd.unprivileged_read_msgbuf=0
Since the web users are in a jail, set restricted devfs ruleset (this is easily done via rc.conf)
jail_web_devfs_enable="YES"
jail_web_devfs_ruleset="devfsrules_jail"
- Web users and executed web scripts shouldn't be able to...
2004 Feb 19
2
traffic normalizer for ipfw?
Hi there,
Is there some way to configure ipfw to do traffic
normalizing ("scrubbing", as in ipf for OpenBSD)? Is
there any tool to do it for FreeBSD firewalling?
I've heard that ipf was ported on current, anything
else?
TIA,
/Dorin.
2003 Jul 12
5
jails, ipfilter & stunnel
I'm setting up a server where I plan to use Jails to improve security.
I also have installed and am configuring ipfilter. Here are my
questions:
Because I'm using Jails, I will have to have multiple ip aliases on the
network interface. I will use ipfilter to specify what can go to each
of the addresses. (e.g., allow only incoming to port 80 on the jail
running apache).
Another
2006 Apr 12
1
powerd not behaving with an Asus A8V-MX and Athlon 64 X2 3800+
...1003_1b.timer_max: 0
security.jail.set_hostname_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 0
security.jail.enforce_statfs: 2
security.jail.allow_raw_sockets: 0
security.jail.chflags_allowed: 0
security.jail.jailed: 0
security.bsd.suser_enabled: 1
security.bsd.see_other_uids: 1
security.bsd.see_other_gids: 1
security.bsd.conservative_signals: 1
security.bsd.unprivileged_proc_debug: 1
security.bsd.unprivileged_read_msgbuf: 1
security.bsd.hardlink_check_uid: 0
security.bsd.hardlink_check_gid: 0
security.bsd.unprivileged_get_quota: 0
dev.nexus.0.%driver: nexus
dev.nexus....