[nycbug-talk] BSD Chapter in HLE

Dru dlavigne6 at sympatico.ca
Fri Sep 15 18:32:24 EDT 2006



On Fri, 15 Sep 2006, Ray Lai wrote:

> systrace can be used during ports builds to contain trojaned sources.


I see this is in Net and Open. Anyone know of a Free equivalent?


> chroot and dropping privileges is important.  root can break out of a
> chroot, so you must change to an unprivileged user.  Additionally,
> OpenBSD creates new users and groups for each privilege-revoking
> program, so one cannot another.


Privilege separation is good and something I'd like to learn more about. 
Is this always on a per-application basis (e.g. openssh, tcpdump)? Other 
than Niels' paper, are there other good explanatory references, preferably 
not at an overly technical level, that I can use as a resource to refer to? 
Otherwise, I'll try to "dumb down" a technical reference to a paragraph or 
so to explain the concept.

Dru


