From owner-cvs-all  Thu Jul 20 10:38:53 2000
Delivered-To: cvs-all@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6696537C03C; Thu, 20 Jul 2000 10:38:40 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id LAA98901;
	Thu, 20 Jul 2000 11:38:38 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA91857; Thu, 20 Jul 2000 11:38:34 -0600 (MDT)
Message-Id: <200007201738.LAA91857@harmony.village.org>
To: Marcel Moolenaar <marcel@cup.hp.com>
Subject: Re: cvs commit: src/sys/i386/linux linux_dummy.c linux_misc.c 
Cc: Robert Watson <rwatson@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org, security-officer@FreeBSD.org
In-reply-to: Your message of "Thu, 20 Jul 2000 10:30:16 PDT."
		<39773728.7D94D63F@cup.hp.com> 
References: <39773728.7D94D63F@cup.hp.com>  <Pine.NEB.3.96L.1000720125351.85018B-100000@fledge.watson.org> 
Date: Thu, 20 Jul 2000 11:38:34 -0600
From: Warner Losh <imp@village.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <39773728.7D94D63F@cup.hp.com> Marcel Moolenaar writes:
: There's no such thing as half-security. You either (try to) provide a
: secure emulator or you don't. Currently, the Linuxulator has many holes.
: If we're going to shift our focus from getting the most applications to
: run to making the Linuxulator secure, we have to take into account all
: the non-technical consequences as well. Which ever way we choose, we
: need to have the support of the FreeBSD community at large.

I'm sure that if we could bring a more secure version of Linux than
Linux, we'd have widespread support.  What things would break if we
did them more securely?

: BTW: Making the Linuxulator secure is relatively easy if you only count
: Linux binaries that are developed for a real Linux system. It's much
: harder to make it secure for any Linux binaries that are designed to
: exploit bugs in the Linuxulator, right?

No.  Programs that attack bugs in the linuxulator need to be defended
against.  Otherwise, we've just introduced a big, huge security hole
into FreeBSD which isn't acceptible.  Lots of people run the
Linuxulator, so any attacks that one can launch on it will have a
large i mpact in our user base.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message