From owner-freebsd-current  Tue Dec 15 08:45:09 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA17247
          for freebsd-current-outgoing; Tue, 15 Dec 1998 08:45:09 -0800 (PST)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from fep2-orange.clear.net.nz (fep2-orange.clear.net.nz [203.97.32.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA17242
          for <freebsd-current@FreeBSD.ORG>; Tue, 15 Dec 1998 08:45:06 -0800 (PST)
          (envelope-from jabley@buddha.clear.net.nz)
Received: from buddha.clear.net.nz (buddha.clear.net.nz [192.168.24.106]) by fep2-orange.clear.net.nz (1.5/1.9) with ESMTP id FAA27117; Wed, 16 Dec 1998 05:40:36 +1300 (NZDT)
Received: (from jabley@localhost)
	by buddha.clear.net.nz (8.9.1/8.9.1) id FAA27138;
	Wed, 16 Dec 1998 05:40:35 +1300 (NZDT)
Message-ID: <19981216054035.C27078@clear.co.nz>
Date: Wed, 16 Dec 1998 05:40:35 +1300
From: Joe Abley <jabley@clear.co.nz>
To: Mark Murray <mark@grondar.za>
Cc: Kevin Day <toasty@home.dragondata.com>, freebsd-current@FreeBSD.ORG,
        jabley@clear.co.nz
Subject: Re: modification to exec in the kernel?
References: <19981215120357.B11837@clear.co.nz> <199812142331.RAA17203@home.dragondata.com> <19981215124818.A22526@clear.co.nz> <199812150644.IAA67338@greenpeace.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199812150644.IAA67338@greenpeace.grondar.za>; from Mark Murray on Tue, Dec 15, 1998 at 08:44:16AM +0200
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Dec 15, 1998 at 08:44:16AM +0200, Mark Murray wrote:
> Joe Abley wrote:
> > I looked at that; however, remember the users will have chrooted access
> > to their directories, and within the chrooted tree will be /usr and
> > descendants containing controlled binaries (owned by someone else, e.g.
> > "root") like perl, awk, sh, etc.
> 
> Your security model is flawed. A user can do anything she wants
> (justabout) with shellscript and perl. Picking on compiled binaries
> is not going to make you that much safer.

"Just about" - so there are _some_ exploits that would require a user-supplied
binary? So preventing execution of user-supplied binaries does give _some_
safety benefit?

I take your point, though - I was forgetting how much feature bloat there
is in perl.

Why people can't just make do with awk is a little beyond me :)


Joe


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message