Date: Thu, 20 Jul 2000 10:30:16 -0700 From: Marcel Moolenaar <marcel@cup.hp.com> To: Robert Watson <rwatson@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org Subject: Re: cvs commit: src/sys/i386/linux linux_dummy.c linux_misc.c Message-ID: <39773728.7D94D63F@cup.hp.com> References: <Pine.NEB.3.96L.1000720125351.85018B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote: > > > If there's a shift in how we treat Linuxulator security issues, I'd like > > it to be discussed first. If any of the security officers decides after > > looking at the code that the implementation is too dangerous, I'll back > > it out. > > I guess the open question here is what path in the emulator provides us > with the greatest correctness of emulation while maintaining a safe and > rigorous (and consistent) security stance. Emulating security semantics > is a nightmare, and I think there are some situations where it's ok to > kludge, and some where it is not. There's no such thing as half-security. You either (try to) provide a secure emulator or you don't. Currently, the Linuxulator has many holes. If we're going to shift our focus from getting the most applications to run to making the Linuxulator secure, we have to take into account all the non-technical consequences as well. Which ever way we choose, we need to have the support of the FreeBSD community at large. BTW: Making the Linuxulator secure is relatively easy if you only count Linux binaries that are developed for a real Linux system. It's much harder to make it secure for any Linux binaries that are designed to exploit bugs in the Linuxulator, right? -- Marcel Moolenaar mail: marcel@cup.hp.com / marcel@FreeBSD.org tel: (408) 447-4222 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39773728.7D94D63F>