Date: Mon, 24 Aug 1998 17:11:55 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: David Kirchner <dpk@notreal.com>
Cc: Alex <garbanzo@hooked.net>, "B. Richardson" <rabtter@aye.net>, hackers@FreeBSD.ORG
Subject: Re: I want to break binary compatibility.
Message-ID: <Pine.BSF.3.96.980824171015.25644D-100000@fledge.watson.org>
In-Reply-To: <Pine.BSF.4.02A.9808241319280.24290-100000@notreal.com>
On Mon, 24 Aug 1998, David Kirchner wrote:

> Maybe create a utility that can "bless" binaries. 'root' would only be
> able to execute blessed binaries. setuid binaries could only be run if
> blessed, etc. Same idea, but the flag could be set on a different server
> before the file is copied over.

i.e., a file system flag, or table that the kernel loads from disk. This
sounds pretty straight-forward.

> > > However, this runs into the problem of shared libraries -- as long as
> > > LD_LIBRARY_PATH exists, the possibility of running user-specified code
> > > also exists. This also doesn't help you if the bugs are in existing code
> > > (that is, in sperl :).
> >
> > The truly paranoid could just compile everything run as root statically.
> >
> > Yes, but one could easily hardcode LD_LIBRARY_PATH to search /usr/lib or
> > whatever first.
> >
> > - alex
>
> Or for the less paranoid, they could do this. :)

My favored choice would be to modify the standard dynamic link support to
check /etc/ld.conf (or a sysctl) to determine whether the system policy
currently allowed dynamic linking or not, and if so, whether user-defined
paths were allowed. This, in combination with the bless-support, would work
pretty well.

Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/
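A sketch of the policy check proposed in the message above, as an added example that is not code from the thread or from FreeBSD's run-time linker. The `dynamic-linking = ...` line format, the three policy values, the exclusion of set-id programs and the dropping of relative path entries are assumptions made for illustration; the thread only proposes the idea.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical policy values, as they might come from /etc/ld.conf or a sysctl. */
enum ld_policy { LD_DENY_DYNAMIC, LD_SYSTEM_PATHS_ONLY, LD_ALLOW_USER_PATHS };

/* Parse one "dynamic-linking = <value>" line (constructed format).
 * Anything malformed or unknown fails closed to the strictest policy. */
enum ld_policy parse_policy(const char *line)
{
    char val[32];
    if (sscanf(line, " dynamic-linking = %31s", val) != 1)
        return LD_DENY_DYNAMIC;
    if (strcmp(val, "user-paths") == 0) return LD_ALLOW_USER_PATHS;
    if (strcmp(val, "system-only") == 0) return LD_SYSTEM_PATHS_ONLY;
    return LD_DENY_DYNAMIC;
}

/* Build the library search path in out. /usr/lib always comes first; entries
 * from the user's LD_LIBRARY_PATH follow only when policy allows them, the
 * program is not set-id, and the entry is absolute (empty or relative
 * entries are dropped). Returns 0 on success, -1 if dynamic linking is
 * denied or out is too small. */
int build_search_path(enum ld_policy p, int is_setid, const char *user_path,
                      char *out, size_t outlen)
{
    if (p == LD_DENY_DYNAMIC || outlen < sizeof "/usr/lib") return -1;
    strcpy(out, "/usr/lib");
    if (p != LD_ALLOW_USER_PATHS || is_setid || user_path == NULL) return 0;
    for (const char *s = user_path; *s; ) {
        size_t len = strcspn(s, ":");
        if (len > 0 && s[0] == '/') {
            size_t used = strlen(out);
            if (used + 1 + len + 1 > outlen) return -1;
            out[used] = ':';
            memcpy(out + used + 1, s, len);
            out[used + 1 + len] = '\0';
        }
        s += len;
        if (*s == ':') s++;
    }
    return 0;
}

int main(void)
{
    char buf[128];
    enum ld_policy p = parse_policy("dynamic-linking = user-paths"); /* constructed */
    if (build_search_path(p, 0, "/home/u/lib::lib", buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```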