A new kind of security needed
Julian Elischer
julian at elischer.org
Thu Jul 24 15:52:58 UTC 2008
Robert Watson wrote:
>
> On Thu, 24 Jul 2008, Kostik Belousov wrote:
>
>>> Lots of people care a lot about plan9. The problem is that it's a
>>> lot like UNIX. UNIX presupposes lots of special-purpose applications
>>> doing rather specific and well-defined things, and that is a
>>> decreasingly accurate reflection of the way people write
>>> applications. All these security extensions get extremely messy the
>>> moment you have general-purpose applications that you want to be able
>>> to do some things some times, and other things other times, and where
>>> the nature of the protections you want depends on, and changes with,
>>> the whim of the user. The complex structure of modern UNIX
>>> applications doesn't help (lots of dependent libraries, files,
>>> interpreters, etc), because it almost instantly pushes the package
>>> dependency problem into the access control problem. I don't think
>>> it's hopeless, but I think that any answer that looks simple is
>>> probably wrong by definition. :-)
>>
>> I think that the per-process namespaces are useful, and can be added
>> to the existing Unix model with quite favourable consequences. On the
>> other hand, I do not think that security is the most important
>> application of the namespaces, or even has a direct relation to it.
>>
>> Implementing namespaces for FreeBSD looks like a doable and quite
>> interesting project for me :).
>
> Sounds good to me :-).
There is some work going on by the Verio guys and by others with
some namespace separation.
>
> As with all such projects (variant symlinks, process-local name spaces,
> etc), do be very careful about security -- often as not, such projects
> risk tripping over problems with privilege-escalated processes, such as
> setuid binaries, etc, which place strong trust in the file system name
> space.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
> _______________________________________________
> freebsd-security at freebsd.org mailing list