Robert Watson wrote:
On Thu, 24 Jul 2008, Kostik Belousov wrote:
Lots of people care a lot about plan9. The problem is that it's a
lot like UNIX. UNIX presupposes lots of special-purpose applications
doing rather specific and well-defined things, and that is a
decreasingly accurate reflection of the way people write
applications. All these security extensions get extremely messy the
moment you have general-purpose applications that you want to be able
to do some things some times, and other things other times, and where
the nature of the protections you want depends on, and changes with,
the whim of the user. The complex structure of modern UNIX
applications doesn't help (lots of dependent libraries, files,
interpreters, etc), because it almost instantly pushes the package
dependency problem into the access control problem. I don't think
it's hopeless, but I think that any answer that looks simple is
probably wrong by definition. :-)
I think that the per-process namespaces are useful, and can be added
to the existing Unix model with quite favourable consequences. On the
other hand, I do not think that security is the most important
application of the namespaces, or even have a direct relation to it.
Implementing namespaces for FreeBSD looks like a doable and quite
interesting project for me :).
Sounds good to me :-).
There is some work going on by the Verio guys and by others with
some namespace separation.
As with all such projects (variant symlinks, process-local name spaces,
etc), do be very careful about security -- often as not, such projects
risk tripping over problems with privilege-escalated processes, such as
setuid binaries, etc, which place strong trust in the file system name
space.
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"