Date: Sun, 3 Nov 1996 06:11:20 +0100 (MET)
From: Mikael Karpberg <karpen@ocean.campus.luth.se>
To: newton@communica.com.au (Mark Newton)
Cc: freebsd-security@freebsd.org
Subject: Re: chroot() security
Message-ID: <199611030511.GAA14093@ocean.campus.luth.se>
In-Reply-To: <9611021806.AA19481@communica.com.au> from Mark Newton at "Nov 3, 96 04:36:41 am"

According to Mark Newton:
[...]
> Note that I'm not suggesting this as something that should be added to
> FreeBSD per se; rather, I'm suggesting that users of FreeBSD in security-
> critical environments can benefit from having kernel sources by taking
> the opportunity to "harden" their kernel. Those who make the attempt
> will find that once their security policy has been codified in written form,
> translating that written form to source code is surprisingly easy
> (interdependencies and subtle interrelationships notwithstanding - Be
> careful!). The suggestion given above, for example, can be implemented
> with just a few lines of C.

(Gives me some ideas. Thought I'd share them.)

Why not? Make an option for it in the LINT file, and just #ifdef it?

option SAFER_CHROOT    #Warning, this might break some executables.

Something like it, at least? Or maybe make some sysctl or something where
you can set it on a per-process basis? And/or have a safer_chroot() or
no_setuid_chroot() lib call that lets you add a FreeBSD-specific (unless
this is copied to other OSes) patch in ports, etc. to make some programs
more secure?

I have no idea how braindamaged any of these ideas are, and for what reason,
but I thought I'd see the reactions on this.

  /Mikael