From owner-freebsd-hackers@FreeBSD.ORG  Fri Nov 21 03:13:16 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8618C16A4CE; Fri, 21 Nov 2003 03:13:16 -0800 (PST)
Received: from server.vk2pj.dyndns.org
	(c211-30-75-229.belrs2.nsw.optusnet.com.au [211.30.75.229])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1B46743FDD; Fri, 21 Nov 2003 03:13:15 -0800 (PST)
	(envelope-from peterjeremy@optushome.com.au)
Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org
	[127.0.0.1])hALBDDJD071602;	Fri, 21 Nov 2003 22:13:13 +1100 (EST)
	(envelope-from peter@server.vk2pj.dyndns.org)
Received: (from peter@localhost)
	by server.vk2pj.dyndns.org (8.12.9p1/8.12.9/Submit) id hALBDDMo071601;
	Fri, 21 Nov 2003 22:13:13 +1100 (EST)
	(envelope-from peter)
Date: Fri, 21 Nov 2003 22:13:13 +1100
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
Message-ID: <20031121111313.GA71265@server.vk2pj.dyndns.org>
References: <20031119003133.18473.qmail@web11404.mail.yahoo.com>
	<200311201327.29226.wes@softweyr.com> <20031121095939.GS511@garage.freebsd.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031121095939.GS511@garage.freebsd.pl>
User-Agent: Mutt/1.4.1i
cc: freebsd-hackers@freebsd.org
cc: phk@freebsd.org
Subject: Re: "secure" file flag?
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Nov 2003 11:13:16 -0000

On Fri, Nov 21, 2003 at 10:59:40AM +0100, Pawel Jakub Dawidek wrote:
>Such "secure" flag for running process could be also implemented with
>multiple meanings:

Is the "secure" flag intended to protect the process image from the invoking
user as well as other users?

>1. All freed pages have to be zeroed.
>2. All removed files have to be overwritten.
>3. Umask for newly created files should be 0077.
>4. "secure" flag for newly created files should be forced?
>5. ...

5. Modified pages can't be written to swap (unless swap is encrypted).
6. Process get setuid-type treatment of core-dumps and rtld environment etc
...

Peter