
Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")


From: Jan Hudec
Subject: Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")
Date: Thu, 8 Jul 2004 09:54:08 +0200
User-agent: Mutt/1.5.6+20040523i

On Wed, Jul 07, 2004 at 23:59:33 +0200, Magnus Therning wrote:
> On Tue, Jul 06, 2004 at 03:27:53PM -0700, Jeremy Shaw wrote:
> >I talked with tom briefly on #arch, and he has given some thought to
> >handling security in the VM. I don't think the security stuff has been
> >fully flushed out yet. Also, the term sandbox may have some very
> >specific meanings attached to it that I am not aware of, so don't read
> >too much into that word.
> >
> >I think the basic model is, the VM will have some way to mark commands
> >as safe or unsafe. There will also be a way to set which unsafe
> >commands a program can run on a per program, per command basis. This
> >would allow you to implement a large number of possible security
> >policies...
> 
> What about marking data?
> 
> I am no perl aficionado but I seem to remember some way of marking data
> as tainted. This could add another aspect to the command marking:
> 
>  Only the following commands can run in "secure (enough) mode":
> 
>   1. Safe commands working on any kind of data.
>   2. Unsafe commands working on trusted data.
> 
> Again, someone versed in the dark art of perl should probably step in
> here right about now :-)

Perl's tainting is not about programs not being able to do harm. It's
about enforcing checks on input so you don't accidentally use unchecked
data when modifying the outside world.

It could be useful here, though. As a tool for writing library code
that will run in privileged code. Data could be marked with the privilege
level they come from. And unsafe operations would require that their
arguments have some privileges. So even privileged code would have to do
argument validation (the only way to raise the privilege level) before
calling unsafe operations. Data privileges would have to be downgraded
automatically, though, because the malicious code could misuse valid data
for something else.

-------------------------------------------------------------------------------
                                                 Jan 'Bulb' Hudec 
<address@hidden>

Attachment: signature.asc
Description: Digital signature
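The privilege-tagged data scheme Jan sketches above (values carry the level they came from, unsafe operations demand a trusted argument, validation is the only way to raise a level, and mixing values downgrades to the lowest level) can be modelled in a few dozen lines. The following is an added illustration written for this archive page; it is not code from the thread, from GNU Arch, or from Perl's taint mode. The two-level `Privilege` enum, the `Tagged` wrapper, the `@unsafe` decorator, `validate_filename` and the stand-in `delete_file` side effect are all assumptions made for the example.

```python
"""Toy model of privilege-tagged data (constructed example, not from the thread).

Assumed design, following the mail:
  * every value carries the Privilege level of its origin;
  * an @unsafe operation refuses any argument below TRUSTED;
  * a validator is the only way to raise a level;
  * combining values takes the minimum level, so untrusted input cannot be
    laundered by concatenating it with trusted data.
"""
from __future__ import annotations

import functools
import re
from dataclasses import dataclass
from enum import IntEnum


class Privilege(IntEnum):
    UNTRUSTED = 0  # came from the outside world: user input, network, files
    TRUSTED = 1    # produced by privileged code or passed a validator


class TaintError(Exception):
    """Raised when an unsafe operation receives insufficiently privileged data."""


@dataclass(frozen=True)
class Tagged:
    value: str
    level: Privilege

    def __add__(self, other: object) -> "Tagged":
        # Downgrade automatically: the result is only as trusted as its
        # least trusted part.
        other = as_tagged(other)
        return Tagged(self.value + other.value, min(self.level, other.level))


def as_tagged(x: object) -> Tagged:
    """Wrap a raw value; anything not already tagged is assumed UNTRUSTED."""
    return x if isinstance(x, Tagged) else Tagged(str(x), Privilege.UNTRUSTED)


def unsafe(fn):
    """Mark an operation as unsafe: every argument must be TRUSTED."""
    @functools.wraps(fn)
    def wrapper(*args, **kwargs):
        for arg in list(args) + list(kwargs.values()):
            tagged = as_tagged(arg)
            if tagged.level < Privilege.TRUSTED:
                raise TaintError(
                    f"{fn.__name__} refused {tagged.level.name} argument {tagged.value!r}"
                )
        return fn(*args, **kwargs)
    return wrapper


def validate_filename(x: object) -> Tagged:
    """The only way to raise a level: check the value, return a TRUSTED copy."""
    t = as_tagged(x)
    # Hypothetical policy: a single path component, no separators, not . or ..
    if re.fullmatch(r"[A-Za-z0-9_.-]+", t.value) and t.value not in (".", ".."):
        return Tagged(t.value, Privilege.TRUSTED)
    raise TaintError(f"validation failed for {t.value!r}")


@unsafe
def delete_file(name: object) -> str:
    """Stand-in for a real side effect: records what would have been removed."""
    return f"removed {as_tagged(name).value}"


def try_delete(name: object) -> tuple[bool, str]:
    """Attempt the unsafe operation; return (ok, result or error message)."""
    try:
        return True, delete_file(name)
    except TaintError as exc:
        return False, str(exc)


if __name__ == "__main__":
    user_input = Tagged("report.txt", Privilege.UNTRUSTED)   # constructed input
    prefix = Tagged("backup-", Privilege.TRUSTED)
    # Privileged code touching unsafe ops with raw input is refused ...
    print(try_delete(user_input))
    # ... and so is trusted data mixed with untrusted data.
    print(try_delete(prefix + user_input))
    # Only after validation does the call go through.
    print(try_delete(prefix + validate_filename(user_input)))
    # A value that fails validation never reaches the unsafe operation.
    try:
        validate_filename("../etc")
    except TaintError as exc:
        print(exc)
```

Note that `try_delete(prefix + user_input)` fails even though `prefix` is trusted: this is the automatic downgrade Jan asks for, and it is what stops code from laundering an untrusted value by combining it with a trusted one. Raising the level happens in exactly one place, the validator, so an audit of which operations can touch the outside world reduces to an audit of the validators.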

