
Re: Hurdish applications for persistence

From: Bas Wijnen
Subject: Re: Hurdish applications for persistence
Date: Tue, 11 Oct 2005 15:00:22 +0200
User-agent: Mutt/1.5.11

On Tue, Oct 11, 2005 at 12:29:35PM +0200, Alfred M. Szmidt wrote:
> An obvious security exploit in the chroot() implementation (or really,
> file_reparent) and not in how passive translators work.  If you want a
> secure chroot environment (right now at least) then you should run a
> sub-hurd.  Where this isn't possible (at least, I have never been able
> to break out of a sub-hurd, and I have tried).  So instead of using
> broken UNIXoid ideas like chroot, it would make far more sense to
> implement a light-weight sub-hurd which can be used like chroot.

A problem here is that programs aren't and shouldn't be written solely for the
Hurd.  People should want to write portable programs, which means they don't
want to use platform-specific extensions.  This means a library is needed for
them.  But chroot exists, and if you replace it by a library call, nobody will
use it.

The obvious solution in this case would be to make chroot a libc call which
really just builds a sub-hurd.  However, I don't think that solves all the
problems.  Having the filesystem construct a "sane" environment is a very
fragile approach, and persistence sounds like a better solution to the
problem.  However, that has its costs as well, and I have no idea how big they


I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see
