A new kind of security needed

Julian Elischer julian at elischer.org
Thu Jul 24 15:52:58 UTC 2008 

Robert Watson wrote:
> 
> On Thu, 24 Jul 2008, Kostik Belousov wrote:
> 
>>> Lots of people care a lot about plan9.  The problem is that it's a 
>>> lot like UNIX.  UNIX presupposes lots of special-purpose applications 
>>> doing rather specific and well-defined things, and that is a 
>>> decreasingly accurate reflection of the way people write 
>>> applications.  All these security extensions get extremely messy the 
>>> moment you have general-purpose applications that you want to be able 
>>> to do some things some times, and other things other times, and where 
>>> the nature of the protections you want depends on, and changes with, 
>>> the whim of the user.  The complex structure of modern UNIX 
>>> applications doesn't help (lots of dependent libraries, files, 
>>> interpreters, etc), because it almost instantly pushes the package 
>>> dependency problem into the access control problem.  I don't think 
>>> it's hopeless, but I think that any answer that looks simple is 
>>> probably wrong by definition.  :-)
>>
>> I think that the per-process namespaces are useful, and can be added 
>> to the existing Unix model with quite favourable consequences. On the 
>> other hand, I do not think that security is the most important 
>> application of the namespaces, or even have a direct relation to it.
>>
>> Implementing namespaces for FreeBSD looks as an doable and quite 
>> interesting project for me :).
> 
> Sounds good to me :-).

there is some work going on by the Verio guys and by others with
some namespace separation..

> 
> As with all such project (variant symlinks, process-local name spaces, 
> etc), do be very careful about security -- often as not, such projects 
> risk tripping over problems with privilege-escalated processes, such as 
> setuid binaries, etc, which place strong trust in the file system name 
> space.
> 
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

More information about the freebsd-security mailing list