Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
The isolate utility
Posted Jan 7, 2010 17:28 UTC (Thu) by jimparis (subscriber, #38647)
DJB's suggestion of how to isolate a process
Posted Jan 7, 2010 19:24 UTC (Thu) by pjm (subscriber, #2080)
Does anyone dispute this claim, or have a better suggestion of how to implement that result with standard UNIX interfaces?
(I haven't looked into the bug mentioned, though I'd guess that isolate(1) is a world-executable setuid utility that has a bug allowing arbitrary code execution before doing the setuid step, rather than being a bug in the approach quoted from the DJB paper. Anyone who's looked into it, please either confirm or refute this guess.)
Posted Jan 7, 2010 23:10 UTC (Thu) by drag (subscriber, #31333)
It does not depend on chroot. It is not complicated to setup like SELinux.
And it does not need to ran as root to manage the VM.
Posted Jan 8, 2010 11:33 UTC (Fri) by ggl (guest, #51040)
His paper shows a develop's perspective and not how a administrator can isolate a process or prevent privilege escalation.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds