Displaying 8 results from an estimated 8 matches for "ugidfw".
2006 Jun 01
1
mac_bsdextended log information
Hey everyone,
I'm hoping someone can point me in the right direction. I'm running a 6.1 box with mac_bsdextended compiled. I've created my ugidfw rules, and all seems well in the universe.
I've got rules set up so the web process uid 80 and gid 80 can only read uid 1010 and gid 1010 owned files. When the web server tries to do something else, it throws an error such as:
<authpriv.emerg> www kernel: mac_bsdextended: 80:80 request...
2003 Jul 15
0
filesystem firewall rules
Hello all,
I am attempting to install and test the MAC framework.
I will start with ugidfw(8) to NOT allow a group of users to access a
certain filesystem object. However, I cannot get it to work, and I wish
that if anybody reading this would send me a snippet of their ugidfw
rules, and associated mac.conf settings. I've read all the docs I can
find, and googled to no avail. I ho...
2006 May 03
1
MAC policies and shared hosting
Hello,
I've been looking at the different MAC modules available and how they
could help to implement a less insecure than usual shared hosting web
server.
I've not been able to come up with a suitable configuration, looking
at mac_bsdextended, mac_biba and mac_mls, but I think that a MAC
module with the following policies could be very useful for such an
environment. Have I
2006 Oct 10
1
Proposal: MAC_BIBA and real-world usage
...project with some goals:
1) Users are kept isolated. This isn't so obvious, as by design
Apache should run as an unprivileged user. The mac_bsdextended policy
can implement an additional layer of security. In my case, hosting
users are given uids belonging to an interval, and there is a ugidfw
rule that states that subjects with an uid within that range can
only access objects belonging to the same user in case their uid is
within the interval as well. I didn't use MAC compartments because
there is a limit on the number of compartments.
Users are allowed to run CGIs and PHP...
2009 Mar 01
2
Trusted Path Execution
I would like to know that there is or is not a way to prevent users from
executing binaries that are not owned by root or that the user is in a
particular group. Is this something I can achieve with TrustedBSD's MAC
framework?
2005 Apr 11
1
/etc/rc.bsdextended: am I misunderstanding this..?
Can someone clear something up for me?
[[[
# For apache to read user files, the ruleadd must give
# it permissions by default.
####
${CMD} add subject uid 80 object not uid 80 mode rxws;
${CMD} add subject gid 80 object not gid 80 mode rxws;
]]]
Doesn't the above mean that an apache user (eg, user-supplied CGI
process, PHP script, etc) has the ability to read (and write!) anything
in the
2011 Nov 16
1
Starting X11 with kernel secure level greater than -1/0.
Hi, is there any chance (if yes, how to do this?) to use the xf86
driver which "provides access to the memory and I/O ports of a
VGA board and to the PCI configuration registers for use by
the X servers when running with a kernel security level greater
than 0" in FreeBSD*?
Then it will be possible to start X environment with a kernel
secure level > 0, right? Normally it is impossible
2010 Jan 14
9
[Bug 1698] New: Connection stalls on PTY allocation failure
...n: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: alex at rtfs.hu
If on the server side sshd was not able to allocate a PTY (in my case a
wrongly configured FreeBSD's ugidfw rule won't allow opening those
files) both sshd and the client ssh will stall.
Client ssh log:
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: ch...