OpenBSD Journal

Support for privilege elevation!

Contributed by jose on from the elevation-and-declination dept.

Someone writes:
Changes by:  2002/10/16 09:01:08

Modified files:
        sys/dev        : systrace.c systrace.h
        bin/systrace   : Makefile filter.c intercept.c intercept.h lex.l
                         openbsd-syscalls.c parse.y systrace.1
                         systrace.c systrace.h

Log message:
support for privilege elevation.

with privilege elevation no suid or sgid binaries are necessary any
longer.  Applications can be executed completely
unprivileged. Systrace raises the privileges for a single system call
depending on the configured policy.

Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.

from provos"
Yep, that's right, systrace can now be used for selectable priv escalation. Furthermore, on the setuid root front, login was changed to remove its need for the setuid bit.

3.2 has some serious setuid audits going on!


  1. By Anonymous Coward () on

    Will this make it into 3.2?

  2. By Anonymous Coward () on

    Ok, that's great and all - but for this to be really useful, anything with suid+sgid running out of a default install, should now have a policy shipping with a default install (ideally running with systrace already). Currently systrace is entirely optional. Moreover, for those who do want to use it - there's scant available with the default install.

    I know, it's designed to be easy to create new policies - and that's true. But policies generated on one's own as a clueless (default?) user are not all that likely to be too worthwhile, whether due to permitting too much uncategorically, or due to non-optimized rule ordering which can have a performance impact - especially if you start to systrace a LOT of applications, as would be the case if one tried to remove the suid+sgid bits from everything.

    To sum up - I really think there should really be a resource to pool a large repository of quality rulesets that could fill /etc/systrace. Ideally, the best could be chosen and tossed into the default install. Ideally too, such policies would run with standard usage of said applications (e.g. zone xferring ability for the named systrace policy).

    What ever became of the deadly post a while back for the person trying to get a systrace collection going?

  3. By Anonymous Coward () on

    Does anybody know why Niels Provos left his homeland ("OpenBSD") and now lives there ("NetBSD")?

  4. By Anonymous Coward () on

    One small step for OpenBSD.... one giant leap for Unixkind.

