The problem of "letting a non-admin user install software" versus "not
allowing malware to take over the entire system" is still unsolved.
To worsen things, these days the main objectives of malware are "(2)
recover this user's bank passwords, CC numbers, and SS-equiv number"
and "(1) send the greatest possible amount of spam" because that is what
the market wants from malware. IOW, once the user is fooled into executing
_any_ malware (even non-rootkitting malware) the damage is done.
Posted Jan 17, 2008 16:10 UTC (Thu) by nix (subscriber, #2304)
It occurs to me that this could be used to make fakeroot a lot less ugly internally. It
wouldn't need to mess around transforming paths anymore, just union-mount something writable
over / in a per-process cloned namespace, fake out permissions checks, and Bob's your uncle :)
No harm can be done should the code 'overwrite' /etc/shadow or 'delete' /usr, because trusted
code could inspect the writable union target post-'make install' and transfer only those parts
which look acceptable onto the underlying filesystem(s).
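One way to try the union-mount idea from the comment above, as an added example that is not code from this thread, from fakeroot, or from any kernel project: a POSIX shell script that runs an install command inside a private mount namespace with a writable overlay stacked over /, then classifies every entry the install left in the upper directory and copies only those under an allow-list of prefixes back onto the real filesystem. `sandboxed_install` assumes root, util-linux `unshare`, overlayfs, and that the upper/work directories live on a tmpfs (so the overlay does not see its own upper layer); `ALLOWED_PREFIXES`, the function names and every path are constructed for illustration, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the LWN thread): contain a "make install" under a
# writable overlay in a cloned mount namespace, then let trusted code review
# what was written before anything touches the underlying filesystem.
set -eu

# Constructed policy: writes under these root-relative prefixes are acceptable.
ALLOWED_PREFIXES="usr/local opt"

# verdict REL: "accept" if REL (e.g. usr/local/bin/foo) is under an allowed
# prefix, "reject" otherwise. Prefix match is on whole path components, so
# "usr/localx/foo" is rejected.
verdict() {
    for prefix in $ALLOWED_PREFIXES; do
        case $1 in
            "$prefix"/*) echo accept; return 0 ;;
        esac
    done
    echo reject
}

# classify_upper UPPER: one line per non-directory entry in the upper dir:
#   <accept|reject> <modified|deleted> <relative path>
# Overlayfs records a deletion of a lower-layer file as a character device
# with major:minor 0:0 (a "whiteout"), which is why -c means "deleted".
classify_upper() {
    upper=$1
    find "$upper" ! -type d | sort | while IFS= read -r p; do
        rel=${p#"$upper"/}
        if [ -c "$p" ]; then kind=deleted; else kind=modified; fi
        echo "$(verdict "$rel") $kind $rel"
    done
}

# transfer_accepted UPPER DEST: copy accepted, modified entries from the upper
# dir into DEST (the real root in practice). Rejected writes and all deletions
# are left in the upper dir for a human to look at; nothing is removed from DEST.
transfer_accepted() {
    upper=$1 dest=$2
    classify_upper "$upper" | while read -r v kind rel; do
        [ "$v" = accept ] && [ "$kind" = modified ] || continue
        mkdir -p "$dest/$(dirname "$rel")"
        cp -p "$upper/$rel" "$dest/$rel"
    done
}

# sandboxed_install UPPER WORK MERGED CMD: in a private mount namespace, stack a
# writable overlay over / at MERGED and run CMD chrooted into it. Everything
# CMD writes lands in UPPER; the real / is untouched. Requires root, util-linux
# unshare and overlayfs (assumptions; UPPER/WORK should be on a tmpfs).
sandboxed_install() {
    upper=$1 work=$2 merged=$3 cmd=$4
    mkdir -p "$upper" "$work" "$merged"
    unshare --mount sh -c '
        mount -t overlay overlay -o "lowerdir=/,upperdir=$1,workdir=$2" "$3" &&
        chroot "$3" sh -c "$4"
    ' sh "$upper" "$work" "$merged" "$cmd"
}

# Usage (as root, on a throwaway machine):
#   sh this.sh --run /mnt/tmpfs/pkg 'cd /src/hello && make install'
if [ "${1-}" = "--run" ]; then
    base=$2
    sandboxed_install "$base/upper" "$base/work" "$base/merged" "$3"
    classify_upper "$base/upper"          # review what the install wrote
    # transfer_accepted "$base/upper" /   # only after a human has looked
fi
```

The review step is the part that matters for the "scribble on /etc/shadow" worry: a write to `etc/shadow` or `usr/bin/ls` shows up as `reject modified ...` and is never copied, and a whiteout for `usr` shows up as `deleted` and is never applied, so the worst an untrusted install can do is waste space in the upper directory.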
Yes. and No. and Yes.
Posted Jan 18, 2008 8:59 UTC (Fri) by njs (guest, #40338)
I thought that the point of fakeroot was that it let you do arbitrary (virtual) chown/chmods
on files you had just created, not that it let you scribble randomly on the existing
filesystem.
I guess you could have, like, a FUSE filesystem that allowed anyone to do arbitrary
chown/chmod, but could only be mounted nodev nosuid. That might be safe and effective. Or
something with containers?