Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Aug 1998 17:20:46 -0400 (EDT)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Joel Ray Holveck <joelh@gnu.org>
Cc:        dpk@notreal.com, garbanzo@hooked.net, rabtter@aye.net, hackers@FreeBSD.ORG
Subject:   Re: I want to break binary compatibility.
Message-ID:  <Pine.BSF.3.96.980825163712.29140B-100000@fledge.watson.org>
In-Reply-To: <199808251922.OAA00955@detlev.UUCP>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Aug 1998, Joel Ray Holveck wrote:

> > My favored choice would be to modify the standard dynamic link support to
> > check /etc/ld.conf (or a sysctl) to determine whether the system policy
> > currently allowed dynamic linking or not, and if so, whether user-defined
> > paths were allowed.  This, in combination with the bless-support would
> > work pretty well.
> 
> Would /etc/ld.conf be vulnerable to chroots?
> 
> Best,
> joelh

I was tempted to make the code be influenced by a sysctl -- something that
can be read regardless of environment, and would give an indication of the
current system policy.

However, this is the same problem we keep running into -- I wonder if
there is a better solution?  chroot causes us a number of problems with
code trusting file trees to provide a reliable source for policy and
security information.  We see libraries (getpwent, etc) consistently
relying on the accuracy of paths for reaching resources.  However, then we
see chroot attempting to provide security by "sandboxing" while at the
same time undermining the security mechanisms provided by the remainder of
the operating system.  It is the desire to have variable file trees
displayed to different applications at the same time as having a unique
and enforced file tree displayed.

This type of sandboxing does not fit well into the standard UNIX model.
It might be better served in a dynamic code + message based architecture
(such as some combination of Java and Mach).

  Robert N Watson 

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980825163712.29140B-100000>