Date: Mon, 24 Aug 1998 13:22:55 -0700 (PDT)
From: David Kirchner
To: Alex
cc: Robert Watson, "B. Richardson", hackers@FreeBSD.ORG
Subject: Re: I want to break binary compatibility.
Sender: owner-freebsd-hackers@FreeBSD.ORG

On Mon, 24 Aug 1998, Alex wrote:

> On Mon, 24 Aug 1998, Robert Watson wrote:
>
> >
> > Or, alternatively, just a file system flag "approved" that indicates a
> > binary has been approved for execution by the system operator. This would
> > be default set on installed binaries, but could only be added by uid 0 (or
> > gid 0 or something).

Maybe create a utility that can "bless" binaries. 'root' would only be able
to execute blessed binaries. setuid binaries could only be run if blessed,
etc. Same idea, but the flag could be set on a different server before the
file is copied over.

> > However, this runs into the problem of shared libraries -- as long as
> > LD_LIBRARY_PATH exists, the possibility of running user-specified code
> > also exists. This also doesn't help you if the bugs are in existing code
> > (that is, in sperl :).

The truly paranoid could just compile everything run as root statically.

> Yes, but one could easily hardcode LD_LIBRARY_PATH to search /usr/lib or
> whatever first.
>
> - alex

Or for the less paranoid, they could do this. :)

-dpk