Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil> said:
[...]
> On one system I use (Cray UNICOS), the shell cannot change security
> classifications without:
>
> 1. be a login shell with a parent process that is flagged as a security
> user entry point(telentd/sshd recieve these privilages).
> 2. have no subprocesses
> 3. have no open output files other than the controlling terminal (ie. don't
> redirect stderr to a disk file...)
> 4. have the permission to change (elevate) security access.
> 5. can not raise level above that of the user connection (ie. secure
> wire, labeled network connection).
>
> At least two of these get broken with a web server:
> 1. a web server should not be labeled as a user entry point
> 4. the web server sould not be labeled as such.
>
> There are other restrictions that can be applied by modifying the web
> server itself:
>
> 1. deny fork capability in children of the listening web server.
No CGIs at all?
> 2. deny any open for write capability.
Can't write what the user entered for recording an order in e-commerce?
> 3. deny listen, bind, connect... capability in children of the parent web
> server (no new network connections will be allowed after fork).
No client/server database (or other stuff) either.
Pretty boring website.
-- Horst von Brand vonbrand@sleipnir.valparaiso.cl Casilla 9G, Viņa del Mar, Chile +56 32 672616- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:31 EST