Manual Reference Pages  -  PRIVMAN (7)

NAME

Privman - A library for privilege separation.

CONTENTS

Description
Files
Overview
Bugs
Todo
Author

DESCRIPTION

Privman is a library that makes it easy for programs to use privilege separation, a technique that prevents the leak or misuse of privilege from applications that must run with some elevated permissions. Privman-managed processes can implement fine-grained control of root privilege on common Unix-based operating systems.

Applications that use the Privman library split into two halves: the half that performs valid privileged operations, and the half that contains the application's logic. The Privman library simplifies the otherwise complex task of separating the two, protecting the system from compromise if an error in the application's logic is found.

The library uses configuration files (privman_conf(5)) to allow fine-grained access control decisions for the privileged operations, limiting exposure in the event of an attack against the application. If the application is compromised, the attacker gains only the privileges of an unprivileged user, plus the specific privileges granted to the application by the application's Privman configuration file.

FILES

${prefix}/etc/privman.d/*

Application-specific configuration files. See privman_conf(5) for further details.

${prefix}/include/privman.h

The include file for the library.

${exec_prefix}/lib/libprivman.so

The library itself. On most systems, you will need to link against libpam and libpam_misc in addition to libprivman.

OVERVIEW

A Privman-managed program will generally start with a call to priv_init(3). priv_init() splits the process: the still-privileged parent listens to a pipe for requests, while the child drops privilege and returns from priv_init().

After priv_init(), continue normally. When you need to invoke a privileged operation "foo()", use "priv_foo()" instead. For example, if you want your server to bind to a low port, you would pass the socket to priv_bind(3) instead of bind(2).
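
The split described above, as an added sketch that is not Privman's code and does not call the library: the parent stays on as monitor and the child asks it to bind a socket instead of calling bind(2). The names run_demo and xfer, the use of a Unix socketpair with SCM_RIGHTS as the channel, and the ALLOWED_PORT policy (a stand-in for privman_conf(5)) are assumptions; port 0 is allowed so the demo runs without root.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define ALLOWED_PORT 0 /* constructed policy; 0 = kernel-chosen port, needs no root */

/* Move one descriptor plus its target address across the channel (SCM_RIGHTS). */
static int xfer(int ch, int *fd, struct sockaddr_in *a, int sending) {
    union { char b[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u = { { 0 } };
    struct iovec iov = { a, sizeof *a };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.b, .msg_controllen = sizeof u.b };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (sending) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), fd, sizeof(int));
        return sendmsg(ch, &m, 0) == (ssize_t)sizeof *a ? 0 : -1;
    }
    if (recvmsg(ch, &m, 0) != (ssize_t)sizeof *a) return -1; /* EOF: child is gone */
    if (!(c = CMSG_FIRSTHDR(&m)) || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(fd, CMSG_DATA(c), sizeof(int));
    return 0;
}

/* Fork as priv_init(3) is described; returns 0 or the errno the child's request got. */
int run_demo(unsigned short port) {
    int sp[2], st = 0, fd, err = EIO; pid_t pid;
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || (pid = fork()) < 0) return -1;
    if (pid == 0) { /* child: application logic; real code drops privilege first */
        close(sp[0]);
        fd = socket(AF_INET, SOCK_STREAM, 0); /* sent to the monitor, not to bind(2) */
        if (xfer(sp[1], &fd, &a, 1) || read(sp[1], &err, sizeof err) != sizeof err) err = EIO;
        _exit(err);
    }
    close(sp[1]); /* parent: the still-privileged monitor, serving requests */
    while (xfer(sp[0], &fd, &a, 0) == 0) {
        if (a.sin_family != AF_INET || ntohs(a.sin_port) != ALLOWED_PORT) err = EACCES;
        else err = bind(fd, (struct sockaddr *)&a, sizeof a) ? errno : 0;
        close(fd); /* monitor's copy only; the child's descriptor stays bound */
        if (write(sp[0], &err, sizeof err) != sizeof err) break;
    }
    close(sp[0]);
    waitpid(pid, &st, 0);
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
```

The monitor rejects a disallowed port before bind(2) is ever called, so a compromised child can obtain only what the policy lists.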

BUGS

The API may seem a bit complex.

There is no permission checking on the chroot jail for either execve or rerunas.

TODO

priv_fdreopen().

AUTHOR

Network Associates. Send email to <privman@nailabs.com>

SEE ALSO

priv_bind(3), priv_daemon(3), priv_execve(3), priv_fopen(3), priv_fork(3), priv_init(3), privman_conf(5), priv_open(3), priv_pam(3), priv_rerunas(3)



Unix PRIVMAN (7) SEPTEMBER 2002
