Message-ID: <39773728.7D94D63F@cup.hp.com>
Date: Thu, 20 Jul 2000 10:30:16 -0700
From: Marcel Moolenaar
Organization: Hewlett-Packard
To: Robert Watson
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org
Subject: Re: cvs commit: src/sys/i386/linux linux_dummy.c linux_misc.c

Robert Watson wrote:
>
> > If there's a shift in how we treat Linuxulator security issues, I'd like
> > it to be discussed first. If any of the security officers decides after
> > looking at the code that the implementation is too dangerous, I'll back
> > it out.
>
> I guess the open question here is what path in the emulator provides us
> with the greatest correctness of emulation while maintaining a safe and
> rigorous (and consistent) security stance. Emulating security semantics
> is a nightmare, and I think there are some situations where it's ok to
> kludge, and some where it is not.

There's no such thing as half-security. You either (try to) provide a
secure emulator or you don't. Currently, the Linuxulator has many holes.
If we're going to shift our focus from getting the most applications to
run to making the Linuxulator secure, we have to take into account all
the non-technical consequences as well. Whichever way we choose, we need
to have the support of the FreeBSD community at large.

BTW: Making the Linuxulator secure is relatively easy if you only count
Linux binaries that are developed for a real Linux system. It's much
harder to make it secure for any Linux binaries that are designed to
exploit bugs in the Linuxulator, right?

-- 
Marcel Moolenaar
  mail: marcel@cup.hp.com / marcel@FreeBSD.org
  tel:  (408) 447-4222