NetBSD's veriexec port

Oliver Fromme check+krhy0400rsh0i2f7 at fromme.com
Wed Oct 14 02:07:35 PDT 2009


Matthew Dillon wrote:
 >    Another cool feature would be a similar system call which does a 
 >    soft-chroot (I just made up that name)...  Modifying filesystem
 >    calls would only be allowed within the soft-chroot, but the real
 >    root of the filesystem would still be whatever it was before.  The
 >    idea here is that you might have an application which you'd rather
 >    not trust but which performs important functions on your behalf, and
 >    you want an easy way to run it without giving it the ability to mess
 >    around with your entire account.

I think that's already possible, without the need for a new
system call.

Create a new mountpoint somewhere, nullfs-mount your normal
file systems (/, /usr, /whatever) read-only at that mount-
point, then nullfs-mount the "soft-chroot" directory (can
be even more than one!) at the proper place under that
mount-point with write access.  Then chroot into that
mountpoint, using the regular chroot() system call, or
even jail().

The effect should be the same as the proposed softchroot()
system call, but more flexible and extensible.

It should be easy to wrap it into a script, so you don't
have to do all of that mounting etc. yourself each time.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd
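The nullfs-plus-chroot recipe from the post above, written out as an added shell example (not code from the original post or from any BSD project); it assumes mount_null(8), umount(8) and a chroot(8) that accepts -u, as on DragonFly/FreeBSD, and every path and user name in it is a sample value.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the "soft-chroot":
# read-only nullfs views of the normal filesystems, one writable hole, then
# the ordinary chroot(2). Assumes mount_null(8)/umount(8)/chroot(8) -u as on
# DragonFly/FreeBSD; every path and user name below is a sample value.
set -eu

# Print the command sequence instead of running it, so the plan can be
# reviewed (and tested) before anything is mounted.
#   $1 base mountpoint   $2 user to run as   $3 writable dir (absolute)
#   $4.. filesystems to expose read-only (list / first so the others nest)
softchroot_plan() {
    base=$1; user=$2; rw=$3; shift 3
    for fs in "$@"; do
        # each normal filesystem, read-only, at the same place under $base
        if [ "$fs" = / ]; then dst=$base; else dst=$base$fs; fi
        printf 'mount_null -o ro %s %s\n' "$fs" "$dst"
    done
    # the single writable hole: the soft-chroot dir at its proper place;
    # the directory must already exist in the read-only view underneath it
    printf 'mount_null -o rw %s %s\n' "$rw" "$base$rw"
    # enter the view with chroot(2), dropping root to the untrusted user
    printf 'chroot -u %s %s\n' "$user" "$base"
}

# Execute the plan (needs root), then unmount in reverse path order so the
# nested mounts come off before the base view does.
softchroot_run() {
    plan=$(softchroot_plan "$@")
    printf '%s\n' "$plan" | grep '^mount_null' | sh -e
    printf '%s\n' "$plan" | grep '^chroot' | sh || true  # app failure is not ours
    printf '%s\n' "$plan" | grep '^mount_null' | awk '{print $NF}' | sort -r \
        | while read -r mp; do umount "$mp"; done
}

# Usage (as root): softchroot_run /mnt/soft alice /home/alice/work / /usr
```

Only the filesystems you list appear in the view, so anything the application needs from a separate mount (a devfs on /dev, for instance) has to be mounted under the base directory as well.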