ASLR and PIE disabled by default
Matthew Dillon
dillon at backplane.com
Mon Apr 3 16:39:19 PDT 2017
honestly I think capsicum and most other FreeBSD mechanisms are the wrong
approach. Or more to the point, the implementation is spread out across so
much stuff or requires complex setup or requires the programs to implement
the measures themselves that I have very low confidence in its security.
Its like have a wall with ten thousand windows in it.
All I want is a way to run a program with a security wrapper that simply
indicates which files and directories (or directory trees) can be accessed
or written to, and some simple resource and network port restrictions, laid
out in a text file, and have exec*() take care of everything. I don't want
to have to construct a jail for everything, I don't want to have fine
control over descriptor passing... I don't want to have to modify the
program to make it more secure. I just want a simple 'here are the files
and directories this program can access', 'here are the network ports this
program can listen on', 'here is what the program can connect to', 'here
are some basic resource restrictions so the program can't crash the machine
or DOS it', ... and that's pretty much it.
People literally create whole virtual systems JUST to do that.
-Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20170403/d011601a/attachment-0002.html>
More information about the Users
mailing list