Date: Tue, 25 Aug 1998 17:20:46 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: Joel Ray Holveck <joelh@gnu.org> Cc: dpk@notreal.com, garbanzo@hooked.net, rabtter@aye.net, hackers@FreeBSD.ORG Subject: Re: I want to break binary compatibility. Message-ID: <Pine.BSF.3.96.980825163712.29140B-100000@fledge.watson.org> In-Reply-To: <199808251922.OAA00955@detlev.UUCP>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Aug 1998, Joel Ray Holveck wrote: > > My favored choice would be to modify the standard dynamic link support to > > check /etc/ld.conf (or a sysctl) to determine whether the system policy > > currently allowed dynamic linking or not, and if so, whether user-defined > > paths were allowed. This, in combination with the bless-support would > > work pretty well. > > Would /etc/ld.conf be vulnerable to chroots? > > Best, > joelh I was tempted to make the code be influenced by a sysctl -- something that can be read regardless of environment, and would give an indication of the current system policy. However, this is the same problem we keep running into -- I wonder if there is a better solution? chroot causes us a number of problems with code trusting file trees to provide a reliable source for policy and security information. We see libraries (getpwent, etc) consistently relying on the accuracy of paths for reaching resources. However, then we see chroot attempting to provide security by "sandboxing" while at the same time undermining the security mechanisms provided by the remainder of the operating system. It is the desire to have variable file trees displayed to different applications at the same time as having a unique and enforced file tree displayed. This type of sandboxing does not fit well into the standard UNIX model. It might be better served in a dynamic code + message based architecture (such as some combination of Java and Mach). Robert N Watson Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980825163712.29140B-100000>