Date: Thu, 24 Jul 2008 10:06:19 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Kostik Belousov <kostikbel@gmail.com>
Cc: Liste FreeBSD-security <freebsd-security@freebsd.org>, Lyndon Nerenberg <lyndon@orthanc.ca>
Subject: Re: A new kind of security needed
Message-ID: <20080724100439.D63347@fledge.watson.org>
In-Reply-To: <20080724085910.GG97161@deviant.kiev.zoral.com.ua>
References: <f383264b0807161710m285ed915m8ea9d088fbe83df9@mail.gmail.com> <alpine.BSF.1.00.0807162303490.34772@treehorn.dfmm.org> <884CB541-7977-4EF1-9B72-7226BDF30188@patpro.net> <20080717085136.B87887@fledge.watson.org> <05661513-E0DA-4B33-BD4E-FCF73943F332@orthanc.ca> <20080724090549.G63347@fledge.watson.org> <20080724085910.GG97161@deviant.kiev.zoral.com.ua>
On Thu, 24 Jul 2008, Kostik Belousov wrote:

>> Lots of people care a lot about plan9. The problem is that it's a lot like
>> UNIX. UNIX presupposes lots of special-purpose applications doing rather
>> specific and well-defined things, and that is a decreasingly accurate
>> reflection of the way people write applications. All these security
>> extensions get extremely messy the moment you have general-purpose
>> applications that you want to be able to do some things some times, and
>> other things other times, and where the nature of the protections you want
>> depends on, and changes with, the whim of the user. The complex structure
>> of modern UNIX applications doesn't help (lots of dependent libraries,
>> files, interpreters, etc), because it almost instantly pushes the package
>> dependency problem into the access control problem. I don't think it's
>> hopeless, but I think that any answer that looks simple is probably wrong
>> by definition. :-)
>
> I think that the per-process namespaces are useful, and can be added to the
> existing Unix model with quite favourable consequences. On the other hand, I
> do not think that security is the most important application of the
> namespaces, or even has a direct relation to it.
>
> Implementing namespaces for FreeBSD looks like a doable and quite interesting
> project for me :).

Sounds good to me :-). As with all such projects (variant symlinks, process-local name spaces, etc), do be very careful about security -- as often as not, such projects risk tripping over problems with privilege-escalated processes, such as setuid binaries, etc, which place strong trust in the file system name space.

Robert N M Watson
Computer Laboratory
University of Cambridge