From: Julian Elischer <julian@elischer.org>
Date: Thu, 24 Jul 2008 08:39:03 -0700
To: Robert Watson
Cc: Kostik Belousov, Liste FreeBSD-security, Lyndon Nerenberg
Subject: Re: A new kind of security needed
Message-ID: <4888A217.9000109@elischer.org>
In-Reply-To: <20080724100439.D63347@fledge.watson.org>
References: <884CB541-7977-4EF1-9B72-7226BDF30188@patpro.net>
 <20080717085136.B87887@fledge.watson.org>
 <05661513-E0DA-4B33-BD4E-FCF73943F332@orthanc.ca>
 <20080724090549.G63347@fledge.watson.org>
 <20080724085910.GG97161@deviant.kiev.zoral.com.ua>
 <20080724100439.D63347@fledge.watson.org>

Robert Watson wrote:
>
> On Thu, 24 Jul 2008, Kostik Belousov wrote:
>
>>> Lots of people care a lot about plan9. The problem is that it's a
>>> lot like UNIX. UNIX presupposes lots of special-purpose applications
>>> doing rather specific and well-defined things, and that is a
>>> decreasingly accurate reflection of the way people write
>>> applications. All these security extensions get extremely messy the
>>> moment you have general-purpose applications that you want to be able
>>> to do some things some times, and other things other times, and where
>>> the nature of the protections you want depends on, and changes with,
>>> the whim of the user. The complex structure of modern UNIX
>>> applications doesn't help (lots of dependent libraries, files,
>>> interpreters, etc), because it almost instantly pushes the package
>>> dependency problem into the access control problem. I don't think
>>> it's hopeless, but I think that any answer that looks simple is
>>> probably wrong by definition. :-)
>>
>> I think that the per-process namespaces are useful, and can be added
>> to the existing Unix model with quite favourable consequences. On the
>> other hand, I do not think that security is the most important
>> application of the namespaces, or even has a direct relation to it.
>>
>> Implementing namespaces for FreeBSD looks like a doable and quite
>> interesting project for me :).
>
> Sounds good to me :-).

There is some work going on by the Verio guys and by others with some
namespace separation.

>
> As with all such projects (variant symlinks, process-local name spaces,
> etc), do be very careful about security -- often as not, such projects
> risk tripping over problems with privilege-escalated processes, such as
> setuid binaries, etc, which place strong trust in the file system name
> space.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
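The caution above about setuid binaries placing strong trust in the file system name space has a standard defensive counterpart: a privileged program should validate the object it actually opened, not the name it asked for. The C example below is added here and is not code from this thread, from FreeBSD, or from any namespace project mentioned in it. `open_trusted` and `demo_check` are hypothetical names; the check they implement (open with O_NOFOLLOW, then fstat the descriptor and require a regular file, the expected owner, and no group/other write bit) is a common hardening pattern, not something the thread prescribes.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` read-only and return the descriptor only if the object we
 * actually got is a regular file owned by `expected_owner` that neither
 * group nor others can write.  The properties are checked with fstat() on
 * the open descriptor rather than stat() on the name, so the decision is
 * about the object in hand and cannot be raced by a rename between check
 * and use.  Symlinks are refused outright via O_NOFOLLOW.
 * Returns fd >= 0 on success, -1 on failure with errno set. */
int open_trusted(const char *path, uid_t expected_owner) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode) ||
        st.st_uid != expected_owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Test harness (constructed for this example): create a temporary file
 * with `mode`, optionally reach it through a symlink, optionally ask for
 * a different owner than the real one, and report whether open_trusted()
 * accepted it.  Returns 1 for accepted, 0 for rejected, -1 on setup error. */
int demo_check(mode_t mode, int via_symlink, int wrong_owner) {
    char file[] = "/tmp/open_trusted_XXXXXX";
    int fd = mkstemp(file);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) < 0) {
        close(fd);
        unlink(file);
        return -1;
    }
    close(fd);

    char link[sizeof(file) + 4];
    snprintf(link, sizeof(link), "%s.lnk", file);
    const char *target = file;
    if (via_symlink) {
        if (symlink(file, link) < 0) {
            unlink(file);
            return -1;
        }
        target = link;
    }

    uid_t owner = getuid() + (wrong_owner ? 1 : 0);
    int got = open_trusted(target, owner);
    int accepted = (got >= 0);
    if (got >= 0)
        close(got);
    if (via_symlink)
        unlink(link);
    unlink(file);
    return accepted;
}

int main(void) {
    printf("0644 direct, right owner : %d\n", demo_check(0644, 0, 0));
    printf("0666 direct, right owner : %d\n", demo_check(0666, 0, 0));
    printf("0644 via symlink         : %d\n", demo_check(0644, 1, 0));
    printf("0644 direct, wrong owner : %d\n", demo_check(0644, 0, 1));
    return 0;
}
```

Note what this check does and does not buy: it stops a privileged program from being fed a symlink, a world-writable file, or a file of the wrong owner under a name it expected, and it avoids the stat-then-open race. It does not tell the program which name space it is resolving in; if a per-process or variant-symlink name space can redirect the whole lookup to a file that passes these tests, the program is still trusting the name space, which is exactly the hazard raised above.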