Date:      Tue, 5 Nov 1996 09:13:46 +1030 (CST)
From:      newton@communica.com.au (Mark Newton)
To:        brantk@atlas.com (Brant Katkansky)
Cc:        newton@communica.com.au, Don.Lewis@tsc.tdk.com, marcs@znep.com, dev@trifecta.com, freebsd-security@FreeBSD.org
Subject:   Re: chroot() security
Message-ID:  <9611042243.AA09752@communica.com.au>
In-Reply-To: <199611041845.KAA15255@itchy.atlas.com> from "Brant Katkansky" at Nov 4, 96 10:45:37 am

Brant Katkansky wrote:

 > > Note that I'm not suggesting this as something that should be added to
 > > FreeBSD per se;  Rather, I'm suggesting that users of FreeBSD in security-
 > > critical environments can benefit from having kernel sources by taking
 > > the opportunity to "harden" their kernel.
 > 
 > How 'bout making it a compile-time option?

I think some people are missing the point.

The kind of "security-conscious" environment I'm talking about is something
like a firewall or a very restricted access system.

Now, in both of those situations, it is expected that the organization
that is running the system has some kind of written (or otherwise) policy
to determine how that system is treated.  That policy more or less
defines exactly how secure that system is going to be by specifying the
rights and privileges of the system itself and the users who login to it
(if any).

One of the things that can be done on that system is to hack the kernel
to enforce the policy in software -- that way you have to trust the system
a little bit less, because your software enforces your policy for you.

Each organization will have their own security policy.  We cannot, ahead
of time, say, "Yeah, everyone will want this."  Thus, putting these hacks in as
compile-time options is not appropriate:  it'll only ever lead to
bloat which very few people (those who agree with your particular 
policy) will take advantage of.

On the other hand, some kind of FAQ might be useful to make sure that
people are aware of the potential that the presence of source code 
provides for them.  If that's publicized then people are free to make
their own hacks to enforce their own policies.

Cheers,

    - mark

---
Mark Newton                               Email: newton@communica.com.au
Systems Engineer                          Phone: +61-8-8373-2523
Communica Systems                         WWW:   http://www.communica.com.au