[grsec] argv/envp verification for rbac?
jnf
jnf at nosec.net
Thu Sep 22 02:20:25 EDT 2005
Hi Brad, et al,
Also, another feature that would be nice, and I would be surprised to find
out that it just hadn't been thought of yet (and it may be in newer
versions and I just don't know it yet), would be verification of not only
what programs can be run, but also of what arguments may be passed to
them, and possibly, but to a lesser degree of importance, a check of the
environment passed to the would-be process. This would be an insane
nightmare for remote applications such as mta's and webservers, but I was
thinking strictly for local programs.
i.e., suppose I have program X which for whatever reason requires elevated
priv's and I need all/group x/whatever users to be able to access it with
elevated priv's, it would be nice to say like:
ARGS '--option1', 'value','--option2','value','etc'
ENV 'IFS=" "', 'PATH=/bin:/usr/bin:/usr/local/bin', 'ETC=BLA'
and so on in the rules. I did some work with AS/400 not long ago, and I
seem to remember this being one of the capabilities it had that impressed
me, and as I understand it, this is also something systrace can do
[hearsay though, i could be wrong], so is there a reason its not in grsec,
and if so, I'm curious to hear the argument as to why.
cheers,
jnf
--
There are only two choices in life. You either conform the truth to your desire,
or you conform your desire to the truth. Which choice are you making?
More information about the grsecurity
mailing list