Date: Thu, 20 Jul 2000 10:58:11 -0700
From: Marcel Moolenaar <marcel@cup.hp.com>
To: Warner Losh <imp@village.org>
Cc: Robert Watson <rwatson@FreeBSD.org>, security-officer@FreeBSD.org, emulation@FreeBSD.org
Subject: Linuxulator and security [was: Re: cvs commit: src/sys/i386/linux linux_dummy.c linux_misc.c]
Message-ID: <39773DB3.D12C43C9@cup.hp.com>
References: <39773728.7D94D63F@cup.hp.com> <Pine.NEB.3.96L.1000720125351.85018B-100000@fledge.watson.org> <200007201738.LAA91857@harmony.village.org>

[removed from cvs-all and committers; added to emulation]

Warner Losh wrote:
>
> In message <39773728.7D94D63F@cup.hp.com> Marcel Moolenaar writes:
> : There's no such thing as half-security. You either (try to) provide a
> : secure emulator or you don't. Currently, the Linuxulator has many holes.
> : If we're going to shift our focus from getting the most applications to
> : run to making the Linuxulator secure, we have to take into account all
> : the non-technical consequences as well. Whichever way we choose, we
> : need to have the support of the FreeBSD community at large.
>
> I'm sure that if we could bring a more secure version of Linux than
> Linux, we'd have widespread support. What things would break if we
> did them more securely?

Doing the same, but only more secure should not introduce breakages. The
point is that you either won't be able to emulate or have to pay a
performance penalty. The former prevents applications from running if they
happen to use or depend on un-emulatable syscalls, the latter influences
the usability of the Linuxulator at large.

We have to be careful in our quest to make the Linuxulator secure that
we do not render it useless due to a reduced application base and/or
poor performance.

> : BTW: Making the Linuxulator secure is relatively easy if you only count
> : Linux binaries that are developed for a real Linux system. It's much
> : harder to make it secure for any Linux binaries that are designed to
> : exploit bugs in the Linuxulator, right?
>
> No.

Please explain how it can not be harder.

> Programs that attack bugs in the linuxulator need to be defended
> against. Otherwise, we've just introduced a big, huge security hole
> into FreeBSD which isn't acceptable. Lots of people run the
> Linuxulator, so any attacks that one can launch on it will have a
> large impact in our user base.

Exactly. I think that closing the security holes also has a large impact
on our user base.

-- 
Marcel Moolenaar
  mail: marcel@cup.hp.com / marcel@FreeBSD.org
  tel:  (408) 447-4222

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-emulation" in the body of the message