[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hurdish applications for persistence

From: Alfred M\. Szmidt
Subject: Re: Hurdish applications for persistence
Date: Thu, 13 Oct 2005 10:27:53 +0200

   Good luck to run chroot() or mknod() as non-root!

If you start putting up arbitrary limits as what one can use, one can
always just say "You can't run anything".  Last time I checked, people
who exploit things don't care if you are allowed to do this or that.

   But I congratulate you, you have found yet another way to increase
   security by disallowing sharing rather completely.

This assumes that you can execute programs, you missed the bit about
not allowing that.

   You are dead wrong until you prove otherwise.  That is, unless you
   talk about the Hurd, of course.

chroot() is inherently unsecure by design on all platforms, get over

   And this although the subhurd is the most inflexible "solution" of
   them all, as it offers complete separation and no sharing at all.

The sub-hurd is the _MOST_ _FLEXIBLE_ solution.  What part of "a
sub-hurd is a properly designed chroot" don't you get? The whole
frigging point it not to share, and complete separation!  If you allow
sharing, and don't have it seperate you will be bound to getting
someone who will poke a hole so big that a truck can drive through it.

   Then please let me ask you a question: What do you want to replace
   them with?

Nothing, since I don't consider them a design flaw.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]