Date:      Thu, 20 Jul 2000 12:08:08 -0600
From:      Warner Losh <imp@village.org>
To:        Marcel Moolenaar <marcel@cup.hp.com>
Cc:        Robert Watson <rwatson@FreeBSD.org>, security-officer@FreeBSD.org, emulation@FreeBSD.org
Subject:   Re: Linuxulator and security [was: Re: cvs commit: src/sys/i386/linux linux_dummy.c linux_misc.c] 
Message-ID:  <200007201808.MAA92185@harmony.village.org>
In-Reply-To: Your message of "Thu, 20 Jul 2000 10:58:11 PDT." <39773DB3.D12C43C9@cup.hp.com> 
References:  <39773DB3.D12C43C9@cup.hp.com>  <39773728.7D94D63F@cup.hp.com> <Pine.NEB.3.96L.1000720125351.85018B-100000@fledge.watson.org> <200007201738.LAA91857@harmony.village.org> 

In message <39773DB3.D12C43C9@cup.hp.com> Marcel Moolenaar writes:
: [removed from cvs-all and committers; added to emulation]
: 
: Warner Losh wrote:
: > 
: > In message <39773728.7D94D63F@cup.hp.com> Marcel Moolenaar writes:
: > : There's no such thing as half-security. You either (try to) provide a
: > : secure emulator or you don't. Currently, the Linuxulator has many holes.
: > : If we're going to shift our focus from getting the most applications to
: > : run to making the Linuxulator secure, we have to take into account all
: > : the non-technical consequences as well. Whichever way we choose, we
: > : need to have the support of the FreeBSD community at large.
: > 
: > I'm sure that if we could bring a more secure version of Linux than
: > Linux, we'd have widespread support.  What things would break if we
: > did them more securely?
: 
: Doing the same, but only more secure should not introduce breakages. The
: point is that you either won't be able to emulate or have to pay a
: performance penalty. The former prevents applications from running if they
: happen to use or depend on un-emulatable syscalls, the latter influences
: the usability of the Linuxulator at large. We have to be careful in our
: quest to make the Linuxulator secure that we do not render it useless
: due to a reduced application base and/or poor performance.

But having security holes is not acceptable at all.  I'm sorry if that
makes things run more slowly, but we are a secure OS and we take
security very seriously.  There isn't an exception for the linuxulator
because it is convenient to do so.  It has just escaped my notice
until now.  I don't think that the security models are that radically
different that we can't do the safe thing when we need to.

: > : BTW: Making the Linuxulator secure is relatively easy if you only count
: > : Linux binaries that are developed for a real Linux system. It's much
: > : harder to make it secure for any Linux binaries that are designed to
: > : exploit bugs in the Linuxulator, right?
: > 
: > No.
: 
: Please explain how it can not be harder.

I guess I meant "no, you have to make it secure against all attackers"
not "no, it wouldn't be harder."  I suspect that it might be difficult
to do this in some cases.

: > Programs that attack bugs in the linuxulator need to be defended
: > against.  Otherwise, we've just introduced a big, huge security hole
: > into FreeBSD which isn't acceptable. Lots of people run the
: > Linuxulator, so any attacks that one can launch on it will have a
: > large impact in our user base.
: 
: Exactly. I think that closing the security holes also has a large impact
: on our user base.

And not closing them will give FreeBSD a big black eye if someone can
come up with a binary that will crash the system or give it elevated
privs, etc.

I think that the linuxulator has done an excellent job of emulating
things.  We just need to now make sure that it doesn't introduce holes
into the system, either from allowing setuid linux programs to do bad
things, or by allowing non-setuid programs to cause bad things to
happen to the system.  I don't have anything specific in mind, but
wanted to reiterate this point.  I'll take a look at the linuxulator
as time allows and work with you to address concerns, if any, that I
find.  Fair enough?

Warner

