From: jtb <jtb@pubnix.org>
Date: Wed, 26 Aug 1998 16:09:26 -0400 (EDT)
To: Nicholas Charles Brawn
cc: freebsd-security@FreeBSD.ORG
Subject: Re: trusted path execution patch

While working on my hardened FreeBSD kernel last fall I had many discussions with Brian Matthews and Tom Ptacek about the TPE implementation I wanted to put into my kernel. As I was talking to Tom we got to discussing daemon9 (route)'s implementation of tpe in the linux kernel, and Tom had told me that he had an alternate way of doing it. I have yet to implement it in my kernel as I have very little experience dealing with inode/vnode/namei information on files and directories.

Anyways, Tom explained to me the way he had done it was to create a linked list of trusted directories where applications could be executed out of, and at runtime to have execve() check whether or not said file was in one of said directories.

Like I said, I don't know enough about namei information retrieval to implement this, but if someone wants to give me a hand I'd be more than willing to help them implement it. Also, if anyone else is doing something similar, let me know; I'd be glad to lend a hand.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jonathan T. Bowie
ADM w00w00 WSD
jobe@sekurity.org jtb@pubnix.org jobe@dataforce.net
Independent Security Developer
Home: (603)436-5698
"I'd hate to advocate drugs, sex, alcohol, violence... to any one, but they've worked for me." -- Hunter S. Thompson
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
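The "trusted directory list checked at execve()" idea in the mail above, as an added user-space model that is not code from the mail or from any FreeBSD/Linux TPE patch: tpe_allow() and its static trusted_dirs[] array are assumptions standing in for a kernel's linked list and the path the caller hands to execve(). It shows two checks a naive prefix match gets wrong: only the immediate parent directory counts (no implicit trust for subdirectories or for "/usr/binx" matching "/usr/bin"), and relative paths or ".." components are refused rather than resolved.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical trusted-directory list. A kernel implementation would keep
 * a linked list filled in at boot or via a privileged interface; here it
 * is a fixed array (constructed for this example). */
static const char *const trusted_dirs[] = {
    "/bin", "/sbin", "/usr/bin", "/usr/sbin", NULL
};

/* Length of the directory part of an absolute path: "/usr/bin/ls" -> 8,
 * "/ls" -> 1. Returns 0 when there is no file component ("/usr/bin/"). */
static size_t dir_len(const char *path) {
    const char *slash = strrchr(path, '/');
    if (slash == NULL || slash[1] == '\0') return 0;
    return slash == path ? 1 : (size_t)(slash - path);
}

/* True if any path component is "." or "..": such paths are rejected
 * outright instead of being resolved, so "/usr/bin/../tmp/x" never
 * inherits trust from "/usr/bin". */
static bool has_dot_component(const char *path) {
    const char *p = path;
    while (*p) {
        while (*p == '/') p++;                 /* skip separators */
        const char *start = p;
        while (*p && *p != '/') p++;           /* scan one component */
        size_t n = (size_t)(p - start);
        if ((n == 1 && start[0] == '.') ||
            (n == 2 && start[0] == '.' && start[1] == '.'))
            return true;
    }
    return false;
}

/* Policy decision: allow only an absolute, dot-free path whose immediate
 * parent directory is exactly one entry of trusted_dirs. Comparing the
 * full directory length prevents "/usr/binx/evil" matching "/usr/bin"
 * and keeps subdirectories untrusted unless listed explicitly. */
bool tpe_allow(const char *path) {
    if (path == NULL || path[0] != '/') return false;   /* relative path */
    if (has_dot_component(path)) return false;
    size_t dl = dir_len(path);
    if (dl == 0) return false;
    for (const char *const *d = trusted_dirs; *d != NULL; d++)
        if (strlen(*d) == dl && strncmp(*d, path, dl) == 0)
            return true;
    return false;
}
```

A real kernel check would work on the resolved vnode rather than the string, so symlinks and hard links into a trusted directory still need a separate decision; this model only shows the directory-membership logic.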