From owner-freebsd-emulation Thu Jul 20 11:29:46 2000 Delivered-To: freebsd-emulation@freebsd.org Received: from palrel1.hp.com (palrel1.hp.com [156.153.255.242]) by hub.freebsd.org (Postfix) with ESMTP id 17A2D37BB5E; Thu, 20 Jul 2000 11:29:44 -0700 (PDT) (envelope-from marcel@cup.hp.com) Received: from adlmail.cup.hp.com (adlmail.cup.hp.com [15.0.100.30]) by palrel1.hp.com (Postfix) with ESMTP id 5060215B5; Thu, 20 Jul 2000 11:28:21 -0700 (PDT) Received: from cup.hp.com (gauss.cup.hp.com [15.28.97.152]) by adlmail.cup.hp.com (8.9.3 (PHNE_18979)/8.9.3 SMKit7.02) with ESMTP id LAA00278; Thu, 20 Jul 2000 11:28:05 -0700 (PDT) Message-ID: <397744B5.513D3070@cup.hp.com> Date: Thu, 20 Jul 2000 11:28:05 -0700 From: Marcel Moolenaar Organization: Hewlett-Packard X-Mailer: Mozilla 4.73 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Warner Losh Cc: Robert Watson , security-officer@FreeBSD.ORG, emulation@FreeBSD.ORG Subject: Re: Linuxulator and security [was: Re: cvs commit: src/sys/i386/linux linux_dummy.c linux_misc.c] References: <39773DB3.D12C43C9@cup.hp.com> <39773728.7D94D63F@cup.hp.com> <200007201738.LAA91857@harmony.village.org> <200007201808.MAA92185@harmony.village.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-emulation@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Warner Losh wrote: > > : > I'm sure that if we could bring a more secure version of Linux than > : > Linux, we'd have widespread support. What things would break if we > : > did them more securely? > : > : Doing the same, but only more secure should not introduce breakages. The > : point is that you either won't be able to emulate or have to pay a > : performance penalty. The former prevents applications to run if they > : happen to use or depend on un-emulatable syscalls, the latter influences > : the usability of the Linuxulator at large. We have to be careful in our > : quest to make the Linuxulator secure that we do not render it useless > : due to a reduced application base and/or poor performance. > > But having security holes is not acceptible at all. I'm sorry if that > makes things run more slowly, but we are a secure OS and we take > security very seriously. I'm not necessarily disagreeing. All I'm saying is that we shouldn't just turn the wheel, U-turn and be done with it. There may be roadblocks we could have avoided if we simply took the next intersection... As I said to Robert in a private email (but slightly different): Issue raised. Point taken. Don't panic. > happen to the system. I don't have anything specific in mind, but > wanted to reiterate this point. I'll take a look at the linuxulator > as time allows and work with you to address concerns, if any, that I > find. Fair enough? Sure. -- Marcel Moolenaar mail: marcel@cup.hp.com / marcel@FreeBSD.org tel: (408) 447-4222 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-emulation" in the body of the message