The isolate utility

Posted Jan 7, 2010 14:57 UTC (Thu) by tialaramex (subscriber, #21167)
In reply to: The isolate utility by jimparis
Parent article: The isolate utility

It is sad to see blacklisting proposed as a security measure. Is that really from DJB? I guess everyone has blind spots.


The isolate utility

Posted Jan 7, 2010 17:28 UTC (Thu) by jimparis (subscriber, #38647)

It's copied from DJB's paper, sec 5.2: http://cr.yp.to/qmail/qmailsec-20071101.pdf

DJB's suggestion of how to isolate a process

Posted Jan 7, 2010 19:24 UTC (Thu) by pjm (subscriber, #2080)

The quoted text is in the context of what one can get with “existing UNIX tools”. The paper goes on to claim that short of “severe operating-system bugs”, the result is that the process “has no communication channels other than its initial file descriptors”.

Does anyone dispute this claim, or have a better suggestion of how to implement that result with standard UNIX interfaces?

(I haven't looked into the bug mentioned, though I'd guess that isolate(1) is a world-executable setuid utility that has a bug allowing arbitrary code execution before doing the setuid step, rather than being a bug in the approach quoted from the DJB paper. Anyone who's looked into it, please either confirm or refute this guess.)
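
As an added illustration of the question above (this is example code, not code from the thread, from isolate(1), or from DJB's paper), here is one way to approach "no communication channels other than its initial file descriptors" with plain UNIX calls: close stray descriptors, chroot into an empty directory, forbid new processes, and drop to an unprivileged uid. The jail path, the uid/gid 65534 and the extra steps beyond the chroot and setuid the thread mentions (descriptor closing, RLIMIT_NPROC) are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/resource.h>

/* Close every descriptor above 'keep' and return how many were closed.
 * Descriptors 0..keep are the "initial" ones the child is allowed to keep;
 * anything above them is an inherited channel the sandbox did not intend. */
int close_fds_above(int keep) {
    int closed = 0;
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0) max = 1024;                 /* fallback if the limit is unknown */
    for (long fd = keep + 1; fd < max; fd++)
        if (close((int)fd) == 0) closed++;
    return closed;
}

/* 1 if fd refers to an open file, 0 if it is closed (fcntl fails with EBADF). */
int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Confine the calling process; requires root. Returns 0 on success,
 * -1 with errno set on failure. Order matters: chroot while still root,
 * then forbid fork(), drop supplementary groups, setgid before setuid. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid) {
    struct rlimit none = {0, 0};
    if (chdir(jail_dir) != 0 || chroot(jail_dir) != 0 || chdir("/") != 0)
        return -1;                           /* jail_dir is assumed empty and root-owned */
    if (setrlimit(RLIMIT_NPROC, &none) != 0) /* no fork(): no new processes to talk to */
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* the drop must be irreversible */
    return 0;
}

int main(int argc, char **argv) {
    const char *jail = argc > 1 ? argv[1] : "/var/empty";   /* assumed empty directory */
    printf("closed %d stray descriptors\n", close_fds_above(2));
    if (enter_jail(jail, 65534, 65534) != 0) {              /* 65534: assumed unprivileged id */
        perror("enter_jail (needs root and an empty jail directory)");
        return 1;
    }
    puts("jailed: no filesystem, no new processes, only the initial descriptors");
    return 0;
}
```

Run as root with an empty directory as the argument; unprivileged, `enter_jail` fails at `chroot` and the program reports it, while `close_fds_above` works for any user.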

DJB's suggestion of how to isolate a process

Posted Jan 7, 2010 23:10 UTC (Thu) by drag (subscriber, #31333)

Man, the more I look at it, the more something like this screams out for LXC.

It does not depend on chroot. It is not complicated to set up like SELinux.
And it does not need to run as root to manage the VM.

The isolate utility

Posted Jan 8, 2010 11:33 UTC (Fri) by ggl (guest, #51040)

In his papers djb speaks more about minimalism than blacklisting. My interpretation is that one should limit the resources that a process can access only to the needed ones.

His paper shows a developer's perspective and not how an administrator can isolate a process or prevent privilege escalation.

Copyright © 2013, Eklektix, Inc.