Date:      Wed, 15 Aug 2001 21:06:37 +0100
From:      David Malone <dwmalone@maths.tcd.ie>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        Mikhail Teterin <mi@aldan.algebra.com>, alex@big.endian.de, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc inetd.conf
Message-ID:  <20010815210637.A90115@salmon.maths.tcd.ie>
In-Reply-To: <Pine.NEB.3.96L.1010815125441.81642C-100000@fledge.watson.org>; from rwatson@FreeBSD.org on Wed, Aug 15, 2001 at 12:57:17PM -0400
References:  <20010815123315.A35365@walton.maths.tcd.ie> <Pine.NEB.3.96L.1010815125441.81642C-100000@fledge.watson.org>

On Wed, Aug 15, 2001 at 12:57:17PM -0400, Robert Watson wrote:
>  An approach that might be taken is to have a pair of processes
> -- one with privilege, and one without.  The one with privilege would
> communicate via IPC with the low privilege process, and grant specific
> requests via file descriptor passing (such as the binding of sockets,
> opening of devices, etc), limiting the scope of a vulnerability in the
> exposed code.  This does add substantial complexity, and has to be
> carefully analyzed so as to determine that it won't leak privileges.  We
> have an on-going project as part of our DARPA grant to look at generate
> techniques for partitioning applications this way.  You can e-mail
> Lee Badger <badger@tislabs.com> if you're interested -- he's a co-PI on
> the project, and is focusing on the application impact of privilege.

I've plans for crontab in this line, which I'll work on once I
commit my Unix Domain patches to -current. I think other people
may also be working on programs in this area.

	David.
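
The privileged/unprivileged process pair with descriptor passing that the quoted message describes, as an added example that is not part of this thread or of any FreeBSD code. The allowlist, the function names and the one-byte reply format are assumptions made for illustration; it needs Python 3.9 or later, where socket.send_fds() wraps sendmsg() with SCM_RIGHTS over a Unix domain socket.

```python
import os
import socket

ALLOWED = {"/dev/null"}   # constructed policy: paths the broker may open

def broker(sock):
    """Privileged side: open allowlisted paths read-only, pass the descriptor."""
    while True:
        req = sock.recv(1024)
        if not req:                       # worker closed its end
            return
        path = req.decode(errors="replace")
        if path in ALLOWED:               # exact match only, no normalisation
            fd = os.open(path, os.O_RDONLY)
            try:
                socket.send_fds(sock, [b"+"], [fd])   # sendmsg() + SCM_RIGHTS
            finally:
                os.close(fd)              # the worker holds its own copy now
        else:
            sock.send(b"-")               # refusal carries no descriptor

def request_fd(sock, path):
    """Unprivileged side: return the granted descriptor, or None if refused."""
    sock.send(path.encode())
    data, fds, _flags, _addr = socket.recv_fds(sock, 1, 1)
    return fds[0] if data == b"+" and fds else None

def run_worker(path):
    """Fork a worker and broker for it; returns the worker's exit status
    (0 = it was handed a usable descriptor, 1 = the request was refused)."""
    priv, unpriv = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:
        status = 1
        try:
            priv.close()
            # A real worker drops privilege here (setgid/setuid) before it
            # parses anything untrusted; omitted so this runs as any user.
            fd = request_fd(unpriv, path)
            if fd is not None:
                os.fstat(fd)              # raises if the descriptor is bogus
                status = 0
        finally:
            os._exit(status)
    unpriv.close()                        # otherwise broker() never sees EOF
    broker(priv)
    priv.close()
    return os.waitstatus_to_exitcode(os.waitpid(pid, 0)[1])
```

The worker never calls open() on the path itself; it only ever holds descriptors the broker chose to grant, so a compromise of the worker is bounded by the broker's policy.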
