Date: Wed, 26 Aug 1998 16:09:26 -0400 (EDT)
From: jtb <jtb@pubnix.org>
To: Nicholas Charles Brawn <ncb05@uow.edu.au>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: trusted path execution patch
Message-ID: <Pine.SOL.3.96.980826155715.7581A-100000@pubnix.org>
In-Reply-To: <Pine.SOL.4.02A.9808260223120.247-100000@banshee.cs.uow.edu.au>

While working on my hardened FreeBSD kernel last fall, I had many discussions with Brian Matthews and Tom Ptacek about the TPE implementation I wanted to put into my kernel. As I was talking to Tom, we got to discussing daemon9(route)'s implementation of TPE in the Linux kernel, and Tom had told me that he had an alternate way of doing it. I have yet to implement it in my kernel, as I have very little experience dealing with inode/vnode/namei information on files and directories.

Anyways, Tom explained to me that the way he had done it was to create a linked list of trusted directories that applications could be executed out of, and at runtime to have execve() check whether or not said file was in one of said directories.

Like I said, I don't know enough about namei information retrieval to implement this, but if someone wants to give me a hand I'd be more than willing to help them implement it. Also, if anyone else is doing something similar, let me know; I'd be glad to lend a hand.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jonathan T. Bowie ADM w00w00 WSD
jobe@sekurity.org jtb@pubnix.org jobe@dataforce.net
Independent Security Developer Home: (603)436-5698
"I'd hate to advocate drugs, sex, alcohol violence... to any one,
but they've worked for me." -- Hunter S. Thompson
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message