Re: preventing a user to start a process

From: Todor Dragnev (todor.dragnev_at_gmail.com)
Date: 07/27/05

  • Next message: mdff: "RE: preventing a user to start a process" 
    To: "'Thomas Krause'" <freebsd-isp@chef-ingenieur.de>
Date: Wed, 27 Jul 2005 17:01:46 +0300

    Before years I do a lot of testings with LIDS and grsecurity on linux. With
    these tools is possible to set rules what system commands or which files(by
    inodes) can be accessed from user or process (pid or name). I have no
    experience with freebsd, but maybe it is possible to solve problem in same
    way.

    On Wednesday 27 July 2005 09:58, David Hogan wrote:
    > > Unfortunately, that is not possible. E.g. typo3 calls Imagemagick, so I
    > > need system().
    >
    > Hmmm ... ok
    >
    > are you aware you can override many php.ini settings on a per directory
    > basis or even per vhost basis (I think) ? If you didn't have too many
    > exceptions, you could deny system() globally, then allow it just for
    > trusted users or scripts.
    >
    > Hope this is practical,
    > Dave
    >
    > _______________________________________________
    > freebsd-isp@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

  • Next message: mdff: "RE: preventing a user to start a process"