Date:      Thu, 24 Jul 2008 08:39:03 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        Kostik Belousov <kostikbel@gmail.com>, Liste FreeBSD-security <freebsd-security@freebsd.org>, Lyndon Nerenberg <lyndon@orthanc.ca>
Subject:   Re: A new kind of security needed
Message-ID:  <4888A217.9000109@elischer.org>
In-Reply-To: <20080724100439.D63347@fledge.watson.org>
References:  <f383264b0807161710m285ed915m8ea9d088fbe83df9@mail.gmail.com>	<alpine.BSF.1.00.0807162303490.34772@treehorn.dfmm.org>	<884CB541-7977-4EF1-9B72-7226BDF30188@patpro.net>	<20080717085136.B87887@fledge.watson.org>	<05661513-E0DA-4B33-BD4E-FCF73943F332@orthanc.ca>	<20080724090549.G63347@fledge.watson.org>	<20080724085910.GG97161@deviant.kiev.zoral.com.ua> <20080724100439.D63347@fledge.watson.org>


Robert Watson wrote:
> 
> On Thu, 24 Jul 2008, Kostik Belousov wrote:
> 
>>> Lots of people care a lot about plan9.  The problem is that it's a 
>>> lot like UNIX.  UNIX presupposes lots of special-purpose applications 
>>> doing rather specific and well-defined things, and that is a 
>>> decreasingly accurate reflection of the way people write 
>>> applications.  All these security extensions get extremely messy the 
>>> moment you have general-purpose applications that you want to be able 
>>> to do some things some times, and other things other times, and where 
>>> the nature of the protections you want depends on, and changes with, 
>>> the whim of the user.  The complex structure of modern UNIX 
>>> applications doesn't help (lots of dependent libraries, files, 
>>> interpreters, etc), because it almost instantly pushes the package 
>>> dependency problem into the access control problem.  I don't think 
>>> it's hopeless, but I think that any answer that looks simple is 
>>> probably wrong by definition.  :-)
>>
>> I think that the per-process namespaces are useful, and can be added 
>> to the existing Unix model with quite favourable consequences. On the 
>> other hand, I do not think that security is the most important 
>> application of the namespaces, or even has a direct relation to it.
>>
>> Implementing namespaces for FreeBSD looks like a doable and quite 
>> interesting project for me :).
> 
> Sounds good to me :-).

There is some work going on by the Verio guys and by others with
some namespace separation.

> 
> As with all such projects (variant symlinks, process-local name spaces, 
> etc), do be very careful about security -- often as not, such projects 
> risk tripping over problems with privilege-escalated processes, such as 
> setuid binaries, etc, which place strong trust in the file system name 
> space.
> 
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
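Robert's caveat above, that setuid binaries place strong trust in the file system name space, is the point in this thread most worth pinning down in code. The C model below is an added example written for this archive page; it is not FreeBSD code and not from anyone in the thread. It keeps a tiny per-process binding table (the names `struct proc_ns`, `ns_bind`, `ns_resolve`, `demo_resolve` and the `/etc -> /home/alice/fake-etc` binding are all constructed for the example) and resolves names through it for ordinary processes, but falls back to the global name space for a process that gained privilege on exec. Without such a rule, a user's binding over `/etc` would be honoured by a set-user-ID program reading `/etc/passwd`, which is exactly the trust assumption Robert is warning about.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NS_MAX_BINDS 8
#define NS_PATH_LEN 256

/* One entry of a toy per-process namespace: lookups of `from` (and anything
 * below it) are redirected to `to`. This models a bind/variant-symlink style
 * feature for illustration only; it is not FreeBSD code. */
struct ns_bind {
    char from[NS_PATH_LEN];
    char to[NS_PATH_LEN];
};

struct proc_ns {
    struct ns_bind binds[NS_MAX_BINDS];
    int nbinds;
    /* True when the process gained privilege on exec (setuid/setgid image).
     * A real implementation would take this from the process credentials,
     * the same condition issetugid(2) reports on FreeBSD. */
    bool setugid;
};

/* Add a binding. Returns 0 on success, -1 if the table is full or a path is too long. */
int ns_bind(struct proc_ns *ns, const char *from, const char *to)
{
    if (ns->nbinds >= NS_MAX_BINDS ||
        strlen(from) >= NS_PATH_LEN || strlen(to) >= NS_PATH_LEN)
        return -1;
    strcpy(ns->binds[ns->nbinds].from, from);
    strcpy(ns->binds[ns->nbinds].to, to);
    ns->nbinds++;
    return 0;
}

/* Resolve `path` through the process's bindings into `out`.
 * Returns 1 if a user binding was applied, 0 if the global name was used.
 * Policy: a privilege-escalated process never honours the user's bindings,
 * because the binary trusts names such as /etc/passwd to mean the system files. */
int ns_resolve(const struct proc_ns *ns, const char *path, char *out, size_t outlen)
{
    if (!ns->setugid) {
        for (int i = 0; i < ns->nbinds; i++) {
            const struct ns_bind *b = &ns->binds[i];
            size_t flen = strlen(b->from);
            /* Match only on a whole path component: "/etc" must not match "/etcetera". */
            if (strncmp(path, b->from, flen) == 0 &&
                (path[flen] == '/' || path[flen] == '\0')) {
                snprintf(out, outlen, "%s%s", b->to, path + flen);
                return 1;
            }
        }
    }
    snprintf(out, outlen, "%s", path);
    return 0;
}

/* Convenience wrapper with one constructed binding (/etc -> a user-writable
 * directory) so the privileged and unprivileged cases can be compared.
 * Returns a static buffer. */
const char *demo_resolve(bool setugid, const char *path)
{
    static char out[NS_PATH_LEN];
    struct proc_ns ns;
    memset(&ns, 0, sizeof ns);
    ns.setugid = setugid;
    ns_bind(&ns, "/etc", "/home/alice/fake-etc");   /* constructed sample binding */
    ns_resolve(&ns, path, out, sizeof out);
    return out;
}

int main(void)
{
    printf("unprivileged: /etc/passwd -> %s\n", demo_resolve(false, "/etc/passwd"));
    printf("setuid:       /etc/passwd -> %s\n", demo_resolve(true, "/etc/passwd"));
    return 0;
}
```

The design choice worth noting is that the privilege check lives in the resolver, not in each setuid program: the binaries Robert mentions were written assuming the global name space, and they cannot be expected to re-validate every path they open once a per-process name space feature appears underneath them.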




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4888A217.9000109>