[nycbug-talk] BSD Chapter in HLE
Dru
dlavigne6 at sympatico.ca
Fri Sep 15 18:32:24 EDT 2006
On Fri, 15 Sep 2006, Ray Lai wrote:
> systrace can be used during ports builds to contain trojaned sources.
I see this is in Net and Open. Anyone know of a Free equivalent?
> chroot and dropping privileges is important. root can break out of a
> chroot, so you must change to an unprivileged user. Additionally,
> OpenBSD creates new users and groups for each privilege-revoking
> program, so one cannot another.
Privilege separation is good and something I'd like to learn more about.
Is this always on a per-application basis (e.g. openssh, tcpdump)? Other
than Neils' paper, are there other good explanatory references, preferably
not at an overly technical level I can use as a resource to refer to.
Otherwise, I'll try to "dumb down" a technical reference to a paragraph or
so to explain the concept.
Dru
More information about the talk
mailing list