PERFORCE change 156469 for review
Robert Watson
rwatson at FreeBSD.org
Wed Jan 21 06:59:59 PST 2009
http://perforce.freebsd.org/chv.cgi?CH=156469
Change 156469 by rwatson at rwatson_freebsd_capabilities on 2009/01/21 14:59:39
Update TODO -- a few things done, a few more things to do.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/TODO#10 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/TODO#10 (text+ko) ====
@@ -13,11 +13,11 @@
user databases, libraries, etc, with a POSIX interface within the
capability mode process.
-- Implement scoping for pid-based system calls, tracking a new "inheritence"
- relationship to authorize such calls. Unclear what the most efficient way
- to do this is, but it only matters for processes actually in capability
- mode so won't affect general performance, just capability mode performance
- until optimizations are found.
+- Get shared objects working in capability mode by creating a cap_ld-elf.so
+ that will take the binary to run as a file descriptor argument in order
+ to avoid needing to run the interpreter directly from the fexecve(2)
+ context. Consider carefully the implications on creating binaries, ELF,
+ etc.
- ... bigger and better things ...
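Review bot: the pid-based system call scoping item is removed from the TODO without any record of whether it was implemented or deliberately dropped, and the commit message ("a few things done, a few more things to do") does not say which. Since the removed text states that calls authorized through the new "inheritence" relationship only matter for processes in capability mode, a one-line note of where that scoping now lives (or why it is no longer needed) would keep the TODO useful as a status document. The replacement item is also vague in its last sentence, "Consider carefully the implications on creating binaries, ELF, etc."; it would help to name the concrete concern, e.g. that cap_ld-elf.so must accept the target binary as a file descriptor precisely so that the fexecve(2) context never has to open the interpreter by path.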
@@ -45,7 +45,3 @@
maxprot.
- MAC control of capability facility.
-
-- fxecve(2) may allow eluding capability mode control due to evaluating
- script interpreter entries on script file descriptors; when in capability
- mode we must disallow script behavior.
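Review bot: this hunk deletes the TODO entry warning that fexecve(2) could let a process elude capability mode by honouring script-interpreter entries on a script file descriptor, with no mention of the fix. Because this is a security invariant of capability mode rather than a feature, the TODO (or the commit message) should record how it was resolved, for example that script behaviour is now disallowed for fexecve(2) while in capability mode as the removed text prescribes, so that a later reader does not assume the concern was simply dropped. The removed line also misspells the call as "fxecve(2)", which is moot once deleted but worth correcting if the entry is ever restored.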