Re: Hurdish applications for persistence
From: Bas Wijnen
Subject: Re: Hurdish applications for persistence
Date: Thu, 13 Oct 2005 11:48:42 +0200
User-agent: Mutt/1.5.11
On Wed, Oct 12, 2005 at 09:21:24PM -0400, Jonathan S. Shapiro wrote:
> Umm, guys? Chroot() was a late bolt-on to UNIX that attempted to provide
> a best-effort approximation to confinement in a system where it was way
> too late to do the real thing.
>
> There may be a good reason to copy a known bad quick patch when we now
> have a better solution, but could somebody explain it to me?
Because we want POSIX, of course. However, in this case I would suggest a
different solution: Provide chroot, but let it fail unless an environment
variable or something is set (I_KNOW_CHROOT_IS_NOT_SECURE_ON_THIS_PLATFORM or
so). That way, it cannot be used by accident, but POSIX programs still work.
Obviously, any program which needs chroot for security should be ported.
Usually this will most likely remove the need for superuser privileges
altogether, which is good.
Thanks,
Bas
--
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html
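
The opt-in gate proposed in the message above, sketched as an added example; it is not code from the Hurd project or from the author of the message. The names `gated_chroot` and `fake_chroot`, the `ENOSYS` error code and the sample path are assumptions; only the environment variable name comes from the message.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for setenv()/unsetenv() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Opt-in variable name taken from the message above. */
#define CHROOT_ACK "I_KNOW_CHROOT_IS_NOT_SECURE_ON_THIS_PLATFORM"

/* Signature of the underlying chroot implementation. */
typedef int (*chroot_fn)(const char *path);

/* Hypothetical stand-in backend: records the call instead of changing the
 * root, so the example runs without privileges. A real port would pass the
 * platform's own chroot here. */
static int backend_calls;
static int fake_chroot(const char *path) { (void)path; backend_calls++; return 0; }

/* Refuse unless the caller has explicitly acknowledged that chroot is not a
 * confinement mechanism here. An unset or empty variable counts as "no". */
int gated_chroot(const char *path, chroot_fn backend)
{
    const char *ack = getenv(CHROOT_ACK);
    if (ack == NULL || ack[0] == '\0') {
        errno = ENOSYS;  /* assumption: the message does not name an errno */
        return -1;
    }
    return backend(path);
}

int main(void)
{
    unsetenv(CHROOT_ACK);
    int denied = gated_chroot("/srv/jail", fake_chroot);  /* constructed path */
    printf("without opt-in: %d (errno %d), backend calls: %d\n",
           denied, errno, backend_calls);

    setenv(CHROOT_ACK, "1", 1);
    int allowed = gated_chroot("/srv/jail", fake_chroot);
    printf("with opt-in: %d, backend calls: %d\n", allowed, backend_calls);
    return 0;
}
```

The gate only prevents accidental reliance on chroot; a program that sets the variable gets the same non-confining behaviour as before.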