Re: Design principles and ethics

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Design principles and ethics

From:	Tom Bachmann
Subject:	Re: Design principles and ethics
Date:	Sun, 30 Apr 2006 16:34:29 +0200
User-agent:	Mail/News 1.5 (X11/20060403)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jonathan S. Shapiro wrote:
> Your user shell is the parent of /sbin/passwd when you
> execute /sbin/passwd. It is entirely proper that /sbin/passwd should not
> trust its parent.
> 

Interesting, this opens (for me) a completely new view to confinement:
it is needed to run programs more privileged than the user. This should
simplify the task of finding an example where your kind of confinement
is needed.

Still, the passwd example is broken: it only does not work because the
file contains entries of other users, too. I would make the file local
to each shell. So in fact, it could just contain a plaintext password
the user can change with an ordinary editor.
- --
- -ness-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEVMr1vD/ijq9JWhsRAkboAJ47z5xopzudxv2naSPfMNiR9PzNOwCfZWo0
/M7WTgMHGQRjx3TR4fFKpCw=
=dDKN
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Re: The gun analogy (Was: Design Principles), (continued)

Prev by Date: Re: Reliability of RPC services
Next by Date: Re: The gun analogy (Was: Design Principles)
Previous by thread: Re: Design principles and ethics (was Re: Execute without read (was [...]))
Next by thread: Re: Design principles and ethics (was Re: Execute without read (was [...]))
Index(es):
- Date
- Thread