mac_suidacl

The mac_suidacl policy lets administrators use the sysctl(8) interface to limit access to the setxid() family of system calls and to suid execution on the FreeBSD operating system.

Download

mac_suidacl.tar.gz

License

New BSD License

Example

jee# sysctl security.mac.suidacl.rules="uid:1002:execve"
security.mac.suidacl.rules: -> uid:1002:execve
jee# su samy
samy$ id
uid=1002(samy) gid=1002(samy) groups=1002(samy)
samy$ ping
su: /sbin/ping: Operation not permitted
© 2007 - 2011 Samy Al Bahra.