Re: A new kind of security needed
On Thu, 24 Jul 2008, Kostik Belousov wrote:

>> Lots of people care a lot about plan9. The problem is that it's a lot like UNIX. UNIX presupposes lots of special-purpose applications doing rather specific and well-defined things, and that is a decreasingly accurate reflection of the way people write applications. All these security extensions get extremely messy the moment you have general-purpose applications that you want to be able to do some things some times, and other things other times, and where the nature of the protections you want depends on, and changes with, the whim of the user. The complex structure of modern UNIX applications doesn't help (lots of dependent libraries, files, interpreters, etc), because it almost instantly pushes the package dependency problem into the access control problem. I don't think it's hopeless, but I think that any answer that looks simple is probably wrong by definition. :-)

> I think that the per-process namespaces are useful, and can be added to the existing Unix model with quite favourable consequences. On the other hand, I do not think that security is the most important application of the namespaces, or even has a direct relation to it.

> Implementing namespaces for FreeBSD looks like a doable and quite interesting project to me :).

Sounds good to me :-).

As with all such projects (variant symlinks, process-local name spaces, etc.), do be very careful about security -- often as not, such projects risk tripping over problems with privilege-escalated processes, such as setuid binaries, etc., which place strong trust in the file system name space.

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
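The warning in the reply above is the classic one for per-process namespaces: a user can rebind a path like /lib for their own processes, and a setuid binary that inherits that namespace would resolve trusted paths through the user's bindings. The following toy model is an added illustration, not code from this thread, from FreeBSD or from Plan 9. It implements bind-table lookup with longest-prefix matching and the mitigation a kernel would want at exec time: when an image is setuid, the new process keeps only bindings made by the new uid or by root. The names `Namespace`, `Binding`, `Process`, `exec_image` and the `FILES` table are hypothetical and constructed for the example.

```python
"""Toy per-process namespace with a privilege-aware exec policy.

Added illustration only; all names and the sample filesystem are constructed
for this example and do not correspond to any real kernel interface.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


def _norm(p: str) -> str:
    """Strip a trailing slash so prefix matching is unambiguous."""
    return p if p == "/" else p.rstrip("/")


@dataclass
class Binding:
    target: str     # path as the process sees it, e.g. "/lib"
    source: str     # where lookups actually go, e.g. "/home/alice/shim"
    owner_uid: int  # uid of the process that created the binding


@dataclass
class Namespace:
    bindings: List[Binding] = field(default_factory=list)

    def bind(self, source: str, target: str, uid: int) -> None:
        """Make lookups under `target` go to `source`; newer bindings shadow older."""
        target, source = _norm(target), _norm(source)
        if target == "/":
            raise ValueError("rebinding the root is not modelled here")
        self.bindings.insert(0, Binding(target, source, uid))

    def resolve(self, path: str) -> str:
        """Longest-prefix match over targets; most recent binding wins ties."""
        best = None
        for b in self.bindings:
            if path == b.target or path.startswith(b.target + "/"):
                if best is None or len(b.target) > len(best.target):
                    best = b
        if best is None:
            return path
        return best.source + path[len(best.target):]


@dataclass
class Process:
    uid: int
    ns: Namespace


# Constructed sample filesystem: real path -> (owner uid, setuid bit).
FILES = {
    "/usr/bin/passwd": (0, True),
    "/usr/bin/editor": (0, False),
    "/lib/libc.so": (0, False),
    "/home/alice/shim/libc.so": (1000, False),
}


def exec_image(proc: Process, path: str) -> Process:
    """Model exec(2) under per-process namespaces.

    A non-setuid image inherits the caller's namespace unchanged. A setuid
    image runs as the file owner, and its namespace keeps only bindings that
    were created by that uid or by root, so bindings made by a less privileged
    user cannot steer the privileged process's path lookups.
    """
    real = proc.ns.resolve(path)
    owner, setuid = FILES[real]
    if not setuid:
        return Process(proc.uid, Namespace(list(proc.ns.bindings)))
    kept = [b for b in proc.ns.bindings if b.owner_uid in (0, owner)]
    return Process(owner, Namespace(kept))


def demo() -> Tuple[str, str, str]:
    """Resolve /lib/libc.so in alice's shell, her editor, and a setuid image."""
    alice = Process(1000, Namespace())
    # alice rebinds /lib to a directory she controls, for her own processes
    alice.ns.bind("/home/alice/shim", "/lib", uid=1000)
    unpriv = exec_image(alice, "/usr/bin/editor")
    priv = exec_image(alice, "/usr/bin/passwd")
    return (
        alice.ns.resolve("/lib/libc.so"),
        unpriv.ns.resolve("/lib/libc.so"),
        priv.ns.resolve("/lib/libc.so"),
    )


if __name__ == "__main__":
    print(demo())
```

The interesting line is the `kept` filter in `exec_image`: the unprivileged editor still sees alice's rebinding, while the setuid image drops it and resolves the real /lib, which is the property a FreeBSD implementation would need to preserve for every privilege-escalating exec path.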


