From owner-freebsd-hackers Mon Aug 24 14:12:56 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA07250 for freebsd-hackers-outgoing; Mon, 24 Aug 1998 14:12:56 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from fledge.watson.org (COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA07242 for ; Mon, 24 Aug 1998 14:12:52 -0700 (PDT) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id RAA25669; Mon, 24 Aug 1998 17:11:55 -0400 (EDT)
Date: Mon, 24 Aug 1998 17:11:55 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: David Kirchner
cc: Alex , "B. Richardson" , hackers@FreeBSD.ORG
Subject: Re: I want to break binary compatibility.
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 24 Aug 1998, David Kirchner wrote:

> Maybe create a utility that can "bless" binaries. 'root' would only be
> able to execute blessed binaries. setuid binaries could only be run if
> blessed, etc. Same idea, but the flag could be set on a different server
> before the file is copied over.

i.e., a file system flag, or table that the kernel loads from disk. This
sounds pretty straight-forward.

> > > However, this runs into the problem of shared libraries -- as long as
> > > LD_LIBRARY_PATH exists, the possibility of running user-specified code
> > > also exists. This also doesn't help you if the bugs are in existing code
> > > (that is, in sperl :).
> >
> > The truly paranoid could just compile everything run as root statically.
> >
> > Yes, but one could easily hardcode LD_LIBRARY_PATH to search /usr/lib or
> > whatever first.
> >
> > - alex
>
> Or for the less paranoid, they could do this.

:)

My favored choice would be to modify the standard dynamic link support to
check /etc/ld.conf (or a sysctl) to determine whether the system policy
currently allowed dynamic linking or not, and if so, whether user-defined
paths were allowed. This, in combination with the bless-support would work
pretty well.

Robert N Watson

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/
robert@fledge.watson.org http://www.watson.org/~robert/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
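An added illustration of the policy-gated library search that Robert proposes and Alex's "search /usr/lib first" point, written for this archive page and not taken from the thread or from FreeBSD's rtld. The `ld_policy` struct, `build_search_list` and the set-id check are hypothetical; a real implementation would read the policy from /etc/ld.conf or a sysctl and the set-id state from the kernel.

```c
#include <string.h>
#define MAX_DIRS 8
#define DIR_LEN  128
/* Hypothetical system policy, as the proposal would read it from /etc/ld.conf or a sysctl. */
struct ld_policy {
    int allow_dynamic;    /* 0: refuse dynamic linking outright */
    int allow_user_paths; /* 0: never honour LD_LIBRARY_PATH */
};
struct ld_search {
    int ndirs;
    char dirs[MAX_DIRS][DIR_LEN];
};
/* Append one directory; relative, empty and overlong entries are dropped. */
static int add_dir(struct ld_search *s, const char *dir, size_t len)
{
    if (s->ndirs >= MAX_DIRS || len == 0 || len >= DIR_LEN || dir[0] != '/')
        return 0;
    memcpy(s->dirs[s->ndirs], dir, len);
    s->dirs[s->ndirs][len] = '\0';
    s->ndirs++;
    return 1;
}
/* Build the search list for one executable. Returns 0 when policy forbids
 * dynamic linking, otherwise 1 with out->dirs filled in search order.
 * is_setuid and user_path (the LD_LIBRARY_PATH value) are supplied by the caller. */
int build_search_list(const struct ld_policy *p, int is_setuid,
                      const char *user_path, struct ld_search *out)
{
    const char *start;
    out->ndirs = 0;
    if (!p->allow_dynamic)
        return 0;
    /* System directory first, so a user entry can never shadow it (Alex's point). */
    add_dir(out, "/usr/lib", strlen("/usr/lib"));
    /* User-defined paths only when policy allows and the image is not set-id (assumed rule). */
    if (!p->allow_user_paths || is_setuid || user_path == NULL)
        return 1;
    for (start = user_path;; ) {            /* colon-separated, like the real variable */
        const char *colon = strchr(start, ':');
        size_t len = colon ? (size_t)(colon - start) : strlen(start);
        add_dir(out, start, len);
        if (colon == NULL)
            break;
        start = colon + 1;
    }
    return 1;
}
```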