richardcoleman at mindspring.com
Fri Aug 1 13:49:04 PDT 2003
Matthew Dillon wrote:
Well, I am neutral on the topic. I generally consider these
sorts of security fixes as masking the problem rather than
fixing it. What I would like to see (and another reason for
doing the VFS layer and syscall emulation) is a way to limit
a program's ability to manipulate its environment to just
the files that we say it can access/modify. Also, the ability
to wrap a program with another program which takes control of
its syscalls (another reason for doing syscall messaging).
As an extreme example take a program like 'ls'. There is
no reason under the sun for the system to allow a program
like 'ls' to exec(), yet nearly all UNIX systems do allow
this. You get the drift of where I'm going...
The key is to make this all doable in userland. Restricting
these sorts of features to the kernel greatly reduces the
number of people who can potentially develop code up
Aren't these exactly the reasons that people added Mandatory Access
Controls (MAC)? It sounds like you want a user-space version of MACs.
Also "systrace" does something similar. I know that OpenBSD has this.
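The "no reason for 'ls' to exec()" policy from the quoted message can be expressed from userland on Linux with a seccomp-bpf filter, which is the closest widely available descendant of what systrace did on OpenBSD (OpenBSD itself later replaced systrace with pledge(2)). The program below is an added example and is not code from this thread, from DragonFly, or from systrace. It assumes a Linux kernel with seccomp filter support (3.5 or later), glibc, and an x86_64 or aarch64 build; the function names deny_exec and exec_errno_under_policy are my own.

```c
/* Added example (not from the original thread): deny execve()/execveat()
 * to a process from userland with a seccomp-bpf filter, the "ls must not
 * exec" policy described above. Assumes Linux >= 3.5, glibc, x86_64/aarch64. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "unsupported architecture for this example"
#endif

/* Install a filter on the calling process: every syscall is allowed except
 * execve and execveat, which fail with EPERM. Returns 0 on success, -1 on error. */
int deny_exec(void)
{
    struct sock_filter filter[] = {
        /* Check the architecture first: syscall numbers differ per ABI, so a
         * filter that skips this check can be bypassed via a 32-bit syscall. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* Load the syscall number and compare against the exec family. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execveat, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };

    /* Required for an unprivileged process to install a filter; it also
     * prevents the filtered process from gaining privilege via setuid binaries. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Fork a child, apply the policy to it, and let it try to exec /bin/true.
 * Returns the errno the child saw from execv (EPERM if the policy held),
 * 0 if the exec succeeded (policy not in effect), 200 if the filter could
 * not be installed, or -1 on fork/wait failure. */
int exec_errno_under_policy(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (deny_exec() != 0)
            _exit(200);
        char *const argv[] = { "true", NULL };
        execv("/bin/true", argv);
        _exit(errno & 0xff);   /* exec returned: report why via the exit status */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int e = exec_errno_under_policy();
    if (e == EPERM)
        printf("execve denied as intended: %s\n", strerror(e));
    else if (e == 0)
        printf("execve was allowed: the filter is not in effect\n");
    else
        printf("unexpected result %d\n", e);
    return e == EPERM ? 0 : 1;
}
```

The filter is inherited across fork and exec, so a wrapper can install it and then exec the real program, which is the "wrap a program with another program" arrangement the quoted message asks for, without any kernel changes beyond the seccomp facility itself. The architecture check is the caveat practitioners most often miss: without it, a filter keyed on syscall numbers alone can be sidestepped by issuing the call through a different ABI.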