Date: Sun, 7 Nov 1999 00:07:47 -0800 (PST) From: Sean Eric Fagan <sef@kithrup.com> To: hackers@freebsd.org Subject: Re: Procfs' pointers to files. Message-ID: <199911070807.AAA01199@kithrup.com> In-Reply-To: <38252A5C.2C388485.kithrup.freebsd.hackers@newsguy.com> References: <Pine.BSF.4.10.9911061552120.846-100000@green.myip.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <38252A5C.2C388485.kithrup.freebsd.hackers@newsguy.com> you write: >Brian Fundakowski Feldman wrote: >> It sounds to me that what you really want are the semantics of a >> symbolic link and not the semantics of a hard link. Is it just me, >> or does it seem as if the pathname of the executable being stored as >> a virtual symlink in procfs as "file" would solve these security >> problems? >Mmmmm... I like that... I don't, but what I like doesn't matter, it seems -- Warner knows everything. So I'm sure he knows better than I do the overhead this will impose, and the impracticality in a general system. Unix really isn't set up to carry around 'official pathnames,' due to the existence of symlinks and other fun stuff. Other systems are set up for this -- my favourite was EMBOS, by ELXSI -- and there are some _really_ nifty things you can do, if you have it. (Watchdogs and program-based-access-lists are my two favourite, the latter allowing you to get rid of SUID/SGID in many cases. There is a paper available on implementing watchdogs under unix [4.2bsd, I believe] that discusses some of this. If you're willing to cover 60-80% of the cases, instead of 95-100%, it's considerably easier.) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911070807.AAA01199>