Re: [RFC] Privilege dropping security module

From: Andy Spencer
Date: Thu Oct 01 2009 - 05:16:12 EST


> Yeah, and now your ~/.ssh/identity is being uploaded to remote server.

The given policy sets the home directory (including ~/.ssh/) to `X'
which does not include read access, so ~/.ssh/identity should be safe.
There are some other problems with this particular policy though, /tmp/
is still readable for example.


> I believe people are already sandboxing apps with selinux...

Yes, some people (including myself) are already using selinux, tomoyo,
smack, etc, for sandboxing. However, I think those have some
disadvantages that I'm trying to address.


> ...and subterfugue certainly does what you want, using ptrace... no
> kernel mods needed and should already be secure.

subterfugue does look interesting, but it seems like it would be pretty
slow and hasn't been maintained since 2001.
