similar to: MAC policies and shared hosting

Hello, Are there many people actually using the MAC subsystem in the real world? I have been working to set up a shared hosting webserver and I've stumbled against some limitations with the BIBA policy. In short, it's an excellent model, and can be used succesfully if applications are aware of its existance, but I find it incompatible with the real-world needs in Unix, and,

FreeBSD version: 5.1-RELEASE Hi, I'm quite new to FreeBSD. I've check list archives and read a handbook, but I didn't find solution to my problem and I hope this is not off-topic. I've installed 5.1-RELEASE, enabled ACLs on the filesystems and I wanted to test MAC features. I'm also new to MAC, so perhaps this is some my mistake. When I enable mac_biba or mac_lomac (in

Hey everyone, I'm hoping someone can point me in the right direction. I'm running a 6.1 box with mac_bsdextended compiled. I've created my ugidfw rules, and all seems well in the universe. I've got rules set up so the web process uid 80 and gid 80 can only read uid 1010 and gid 1010 owned files. When the web server tries to do something else, it throws an error such as:

(crossposted to freebsd-security just in case someone has to slap me) :) Hello, I'm doing some work with the MAC subsystem in FreeBSD, and I have spotted some errors in the MAC documentation in the handbook. 1- Section 15.14.4. Error in the example dropping users "nagios" and "www" into the insecure class. The example uses the command "pw usermod nagios -L

FreeBSD 5.1-RELEASE Hi, I'm examining Biba and MLS MAC policies and something is not clear for me. Unless I'm doing something wrong, it seems policies are enforced only for reading, but not writing. 1) Biba I've created test file with biba/127 label: $ echo "Message" > file_biba_127.txt $ setfmac biba/127 file_biba_127.txt $ getfmac file_biba_127.txt

I would like to know that there is or is not a way to prevent users from executing binaries that are not owned by root or that the user is in a particular group. Is this something I can achieve with TrustedBSD's MAC framework?

Hi, is there any chance (if yes, how to do this?) to use the xf86 driver which "provides access to the memory and I/O ports of a VGA board and to the PCI configuration registers for use by the X servers when running with a kernel security level greater than 0" in FreeBSD*? Then it will be possible to start X environment with a kernel secure level > 0, right? Normally it is impossible

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just try to understand the concepts and possiblities behind the mac framework. After days of puzzling I found one puzzling behaviour and still have one immediate question (this is on 5-stable) - - when I enable mac_biba, set root to biba/equal (or any value, actually), and do a setfmac -R biba/equal / I expect biba to be activated without any

Can someone clear something up for me? [[[ # For apache to read user files, the ruleadd must give # it permissions by default. #### ${CMD} add subject uid 80 object not uid 80 mode rxws; ${CMD} add subject gid 80 object not gid 80 mode rxws; ]]] Doesn't the above mean that an apache user (eg, user-supplied CGI process, PHP script, etc) has the ability to read (and write!) anything in the

Hi all, I have no idea if this question is to easy to be answered, but I?m starting with R. So, here we go. I have a large dataset with a lot of steps a judicial case. A sample is attached. I?d like to do a cluster analysis to try to understand with one is the most usual path followed by this legal cases. After that, I?d like to plot a cluster tree. In the attached sample, the column: -

Dear Sirs. It seems to me a never ending story. We run a box with a TYAN Thunder 2500 Dual SMP mainboard, 2GB ECC Tyan certified memory, AMI Enterprise 1600 RAID adapter and additional Intel 1000/Pro server type (64 bit) GBit LAN NIC. With FreeBSD 4.8 this was stable, but to achive this state was really hard! It is a story similar to that what happend when we changed towards FreeBSD

Hello Jakob, I'm still getting the error, I can give you any other debug info you need. I haven't pasted the regalloc debug info here because it is quite huge, but if you tell me what specific details you need I will include them. Thanks for your help! 2012/7/14 Jakob Stoklund Olesen <stoklund at 2pi.dk> > > On Jul 14, 2012, at 10:09 AM, Borja Ferrer <borja.ferav at

Hello Jakob, Did you get a chance to take a look into this, and if not, can you do it when you get some spare time? Thanks! 2012/12/19 Borja Ferrer <borja.ferav at gmail.com> > We did something like this back when the register allocator couldn't split >> live ranges. >> > > Yes, I remember the isWinToJoinCrossClass() function, removed here: > >

Hi, I''m pretty new to all related to bdd and rspec and I have the following question. Is it possible to stub actions that return different objects depending on the parameteres they were called with? Something like this: MyClass.stub!(:method).with(1).and_return(@mock_object_1) MyClass.stub!(:method).with(2).and_return(@mock_object_2) I know I could use

Same as its brothers/sisters, it's optimized for 4 KB blocks. /* * OCZ Vertex 4 SSDs * 4k optimized */ { T_DIRECT, SIP_MEDIA_FIXED, "ATA", "OCZ_VERTEX4*", "*"}, /*quirks/DA_Q_4K Borja.

Dear R-Users I have a list with two vectors of doubles tha have different lengths. I want to export it to a file and I also want to print it in two columns. I try with write.table but it need vectors of the same length. Does anyone know how to do it? Thanks Borja [[alternative HTML version deleted]]

Jakob, one more hint, I've placed some asserts around the code you added and noticed that the InlineSpiller::insertReload() function is not being called. 2012/7/14 Borja Ferrer <borja.ferav at gmail.com> > Hello Jakob, > > I'm still getting the error, I can give you any other debug info you need. > I haven't pasted the regalloc debug info here because it is quite

On Jan 7, 2013, at 4:58 AM, Borja Ferrer <borja.ferav at gmail.com> wrote: > Hello Jakob, > > Did you get a chance to take a look into this, and if not, can you do it when you get some spare time? It's not likely I'll have time to look at this in the near future. I'd recommend you do it yourself. /jakob > 2012/12/19 Borja Ferrer <borja.ferav at gmail.com>

Ok, I've found that marking tiny live intervals as not spillable inside VirtRegAuxInfo::CalculateWeightAndHint is not playing nicely with very constrained regclasses, in my case a regclass composed of only one register. As a workaround, instead of marking them as not spillable, I've marked them with a very high spill cost and the regalloc is able to compile the function with good code

Hello, Is there a way to determine before register allocation if a virtual reg is mapped to the lo or hi part of a piece of a value? Basically i need to tell the register allocator to use a certain set of registers for the lo part and others for the hi part, so in order to do this i would have to know if the data value was expanded into smaller pieces and which piece is each one. Additionally,