Date:      Wed, 26 Aug 1998 16:09:26 -0400 (EDT)
From:      jtb <jtb@pubnix.org>
To:        Nicholas Charles Brawn <ncb05@uow.edu.au>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: trusted path execution patch
Message-ID:  <Pine.SOL.3.96.980826155715.7581A-100000@pubnix.org>
In-Reply-To: <Pine.SOL.4.02A.9808260223120.247-100000@banshee.cs.uow.edu.au>

While working on my hardened FreeBSD kernel last fall I had many
discussions with Brian Matthews and Tom Ptacek about the TPE
implementation I wanted to put into my kernel.  As I was talking to Tom we
got to discussing daemon9(route)'s implementation of TPE in the Linux
kernel, and Tom had told me that he had an alternate way of doing it.  I
have yet to implement it in my kernel as I have very little experience
dealing with inode/vnode/namei information on files and directories.
Anyways Tom explained to me the way he had done it was to create a linked
list of trusted directories where applications could be executed out of and
at runtime to have execve() check whether or not said file was in one
of said directories.  Like I said I don't know enough about namei
information retrieval to implement this, but if someone wants to give me a
hand I'd be more than willing to help them implement it, also if anyone
else is doing something similar let me know, I'd be glad to lend a hand.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jonathan T. Bowie	ADM		w00w00		WSD
jobe@sekurity.org	jtb@pubnix.org		jobe@dataforce.net
Independent Security Developer
Home: (603)436-5698	"I'd hate to advocate drugs, sex, alcohol 
                          violence... to any one, but they've worked
                           for me."   -- Hunter S. Thompson
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
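
The trusted-directory list described in the message above, modeled in userland as an added example (not code from the message's author, from Tom Ptacek, or from any kernel patch). The names `tpe_dir`, `tpe_trust` and `tpe_allowed` are hypothetical, and `realpath()` stands in for the namei lookup a kernel implementation would do inside execve().

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700        /* realpath() and PATH_MAX under strict -std= */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is a model, not kernel code. */
struct tpe_dir {                 /* one node of the trusted-directory list */
    char path[PATH_MAX];         /* stored fully resolved, no symlinks */
    struct tpe_dir *next;
};

/* Resolve dir and push it on the list; returns 0 on success, -1 on error. */
int tpe_trust(struct tpe_dir **head, const char *dir)
{
    struct tpe_dir *n = calloc(1, sizeof(*n));
    if (n == NULL || realpath(dir, n->path) == NULL) {
        free(n);
        return -1;
    }
    n->next = *head;
    *head = n;
    return 0;
}

/* Returns 1 if the file's resolved parent directory is on the list, else 0.
 * A path that cannot be resolved is denied (fail closed). */
int tpe_allowed(const struct tpe_dir *head, const char *file)
{
    char real[PATH_MAX];
    char *slash;

    if (realpath(file, real) == NULL)
        return 0;
    slash = strrchr(real, '/');
    if (slash == NULL)
        return 0;
    if (slash == real)
        slash[1] = '\0';         /* file sits directly in "/" */
    else
        *slash = '\0';           /* cut the file name, keep the directory */
    for (; head != NULL; head = head->next)
        if (strcmp(head->path, real) == 0)
            return 1;
    return 0;
}
```

Both sides of the comparison are resolved first, so a symlink placed in a trusted directory that points at a file elsewhere is judged by the directory the file really lives in.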
