On Wed, 4 Feb 2004, Chris Higgins wrote:
> Do we ? Are we not better to assume that 'untrusted' means
> just that - and not attribute more or less trust based on
> what we think the data is,
I'd agree with that. What would be an aid here would be the ability to
easily create arbitrary 'sandboxes' to run possibly tainted code in[1].
We're part of the way there with bind mounts. But those can only take
directories as their targets; if you could bind mount at a file level
you could map individual binaries into some kind of sandbox area and
make it easy to create on-the-fly chroots (with things like
CAP_SYS_PTRACE removed from the inherited capability set to prevent
access to data in other processes belonging to the user).
1. For purposes of this discussion, data (especially complex) which
is to be interpreted in some form by a trusted helper binary still
counts as possibly tainted code: trusted binary + vulnerability +
untrusted data = untrusted code.
Paul Jakma paul at clubi.ie, paul at jakma.org Key ID: 64A2FF6A
warning: do not ever send email to spam at dishone.st
Genius is one percent inspiration and ninety-nine percent perspiration.
-- Thomas Alva Edison
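An added example, not code from Paul's post or from ILUG: a C sketch of the sandbox he describes, staging a single binary into a throw-away root with a file-level bind mount and clearing CAP_SYS_PTRACE from the inheritable set before exec. It assumes a statically linked binary, a Linux 2.6 or later kernel (where bind mounts can target a single file, which was not available when this was written), root for the mount and chroot steps, and an unprivileged `uid` to switch to; the function names are my own.

```c
/* Added example, not code from the thread: stage one static binary into a
 * throw-away root via a file-level bind mount (Linux >= 2.6, later than this
 * 2004 post), strip CAP_SYS_PTRACE from the inheritable set, drop to `uid`,
 * exec.  The mount/chroot path needs root; the capability helpers do not. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Read the calling thread's capability sets with the raw syscall (no libcap). */
static int get_caps(struct __user_cap_header_struct *h, struct __user_cap_data_struct d[2]) {
    memset(h, 0, sizeof *h); memset(d, 0, 2 * sizeof d[0]);
    h->version = _LINUX_CAPABILITY_VERSION_3;  /* two 32-bit words per set */
    return (int)syscall(SYS_capget, h, d);
}

/* 1 if `cap` is in the inheritable set, 0 if not, -1 on error. */
int cap_in_inheritable(int cap) {
    struct __user_cap_header_struct h; struct __user_cap_data_struct d[2];
    if (get_caps(&h, d) != 0) return -1;
    return (int)((d[cap / 32].inheritable >> (cap % 32)) & 1u);
}

/* Clear `cap` from the inheritable set; shrinking a set never needs CAP_SETPCAP. */
int drop_inheritable_cap(int cap) {
    struct __user_cap_header_struct h; struct __user_cap_data_struct d[2];
    if (get_caps(&h, d) != 0) return -1;
    d[cap / 32].inheritable &= ~(1u << (cap % 32));
    return (int)syscall(SYS_capset, &h, d);
}

/* Root only: bind-mount `binary` as /bin in `root`, chroot, drop the cap, become `uid`, exec. */
int run_in_sandbox(const char *root, const char *binary, uid_t uid, char *const argv[]) {
    char target[4096];
    snprintf(target, sizeof target, "%s/bin", root);
    mkdir(root, 0755);                                 /* may already exist */
    int fd = open(target, O_WRONLY | O_CREAT, 0755);   /* bind target must exist as a file */
    if (fd < 0) return -1; close(fd);
    if (mount(binary, target, NULL, MS_BIND, NULL) != 0) return -1;
    if (chroot(root) != 0 || chdir("/") != 0) return -1;
    if (drop_inheritable_cap(CAP_SYS_PTRACE) != 0) return -1;
    if (setgid(uid) != 0 || setuid(uid) != 0) return -1;  /* root -> unprivileged */
    execv("/bin", argv);
    return -1;                                          /* only reached on failure */
}
```

Wrap `run_in_sandbox` in a small root-run main to try it; the two capability helpers can be exercised by any user, since the kernel always allows a process to shrink its own sets.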