Date:      Wed, 21 Jan 2009 14:59:56 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 156469 for review
Message-ID:  <200901211459.n0LExu6F014091@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=156469

Change 156469 by rwatson@rwatson_freebsd_capabilities on 2009/01/21 14:59:39

	Update TODO -- a few things done, a few more things to do.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/TODO#10 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/TODO#10 (text+ko) ====

@@ -13,11 +13,11 @@
   user databases, libraries, etc, with a POSIX interface within the
   capability mode process.
 
-- Implement scoping for pid-based system calls, tracking a new "inheritence"
-  relationship to authorize such calls.  Unclear what the most efficient way
-  to do this is, but it only matters for processes actually in capability
-  mode so won't affect general performance, just capability mode performance
-  until optimizations are found.
+- Get shared objects working in capability mode by creating a cap_ld-elf.so
+  that will take the binary to run as a file descriptor argument in order
+  to avoid needing to run the interpreter directly from the fexecve(2)
+  context.  Consider carefully the implications on creating binaries, ELF,
+  etc.
 
 - ... bigger and better things ...
 
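Review bot: The removed item on scoping pid-based system calls and tracking an "inheritence" relationship is dropped outright rather than marked done, and the commit message only says "a few things done, a few more things to do", so it is unclear whether that scoping has been implemented or merely deprioritized; a one-line note stating which would keep the TODO useful as a record. In the added item, "take the binary to run as a file descriptor argument" does not say how that descriptor reaches cap_ld-elf.so (a fixed descriptor number, or an argument passed through the fexecve(2) context), and the ELF and binary-creation implications are left as "consider carefully"; recording the intended mechanism and the specific concerns here would save re-deriving them later.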
@@ -45,7 +45,3 @@
   maxprot.
 
 - MAC control of capability facility.
-
-- fxecve(2) may allow eluding capability mode control due to evaluating
-  script interpreter entries on script file descriptors; when in capability
-  mode we must disallow script behavior.
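Review bot: This hunk deletes the item warning that fexecve(2) may allow eluding capability mode by evaluating script interpreter entries on script file descriptors, but nothing in the change says whether script behavior is now disallowed in capability mode. If it has been fixed, a brief reference to where the check lives would let a reader verify it; if it is still open, it should stay in the TODO rather than be removed, since it is the one item in this file that describes a concrete way around capability mode control.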