
Yes. and No. and Yes.

Posted Jan 17, 2008 10:48 UTC (Thu) by hummassa (subscriber, #307)
In reply to: unionfs and software installation by skitching
Parent article: State of the unionfs

The problem of "letting a non-admin user install software" versus "not
allowing malware to take over the entire system" is still unsolved.

To worsen things, these days the main objectives of malware are "(2)
recover this user's bank passwords, CC numbers, and SS-equiv number"
and "(1) send the greatest possible amount of spam" because that is what
the market wants from malware. IOW, once the user is fooled into executing
_any_ malware (even non-rootkitting malware) the damage is done.

Yes. and No. and Yes.

Posted Jan 17, 2008 16:10 UTC (Thu) by nix (subscriber, #2304) [Link]

It occurs to me that this could be used to make fakeroot a lot less ugly internally. It
wouldn't need to mess around transforming paths anymore, just union-mount something writable
over / in a per-process cloned namespace, fake out permissions checks, and Bob's your uncle :)
no harm can be done should the code 'overwrite' /etc/shadow or 'delete' /usr, because trusted
code could inspect the writable union target post-'make install' and transfer only those parts
which look acceptable onto the underlying filesystem(s).
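
The post-install inspection step described in the comment above, as an added example that is not part of the original thread or any project's code. It assumes the writable union branch is an ordinary directory tree, that deletions appear as unionfs-style `.wh.` whiteout entries, and that only `usr/local/` may be copied down; `review_upper` and the policy are hypothetical.

```python
import os
import stat

# Assumed policy: only paths under these prefixes (relative to /) may be
# transferred from the writable branch onto the real filesystem.
ALLOWED_PREFIXES = ("usr/local/",)


def review_upper(upper_root, allowed=ALLOWED_PREFIXES):
    """Walk the writable union branch left behind by 'make install'.

    Returns (accepted, rejected): accepted is a sorted list of paths relative
    to upper_root, rejected maps relative path -> reason for refusal.
    """
    accepted, rejected = [], {}
    for dirpath, dirnames, filenames in os.walk(upper_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, upper_root)
            st = os.lstat(full)  # lstat: never follow symlinks out of the branch
            is_dir = stat.S_ISDIR(st.st_mode)
            is_reg = stat.S_ISREG(st.st_mode)
            if name.startswith(".wh."):
                # unionfs whiteout: the install 'deleted' a lower-layer path
                rejected[rel] = "whiteout"
            elif is_dir and any(a.startswith(rel + "/") for a in allowed):
                continue  # mere ancestor of an allowed prefix (e.g. 'usr')
            elif not (rel + "/").startswith(allowed):
                rejected[rel] = "outside allowed prefixes"
            elif not (is_reg or is_dir):
                # conservative: symlinks, devices, fifos, sockets are refused
                rejected[rel] = "not a regular file or directory"
            elif is_reg and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                rejected[rel] = "setuid/setgid bit set"
            else:
                accepted.append(rel)
    return sorted(accepted), rejected
```

Only the accepted list would be copied to the underlying filesystem by the trusted side; everything in the rejected map stays in the discarded branch.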

Yes. and No. and Yes.

Posted Jan 18, 2008 8:59 UTC (Fri) by njs (guest, #40338) [Link]

I thought that the point of fakeroot was that it let you do arbitrary (virtual) chown/chmod's
on files you had just created, not that it let you scribble randomly on the existing

I guess you could have, like, a FUSE filesystem that allowed anyone to do arbitrary
chown/chmod, but could only be mounted nodev nosuid.  That might be safe and effective.  Or
something with containers?
