Contributed by jose on from the elevation-and-declination dept.
"Yep, thats right, systrace can now be used for selectable priv escalation. Furthermore, on the setuid root front, login was changed to remove its need for setuid bit.Changes by: firstname.lastname@example.org 2002/10/16 09:01:08 Modified files: sys/dev : systrace.c systrace.h bin/systrace : Makefile filter.c intercept.c intercept.h lex.l openbsd-syscalls.c parse.y systrace.1 systrace.c systrace.h Log message: support for privilege elevation. with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos"
3.2 has some serious setuid audits going on!
(Comments are closed)