Subject: Re: Emulation: selecting emulation root at runtime?
To: None <current-users@NetBSD.org>
From: Alan Barrett <apb@cequrux.com>
List: current-users
Date: 08/27/2007 20:33:33
On Mon, 27 Aug 2007, David Laight wrote:
> If the user has write access to any executable filestore, then allowing
> the 'emulation root' of a process to be user settable shouldn't be an issue
> (apart from suid executables).
Sure, but proving that no exploitable suid executables are or ever will
be accessible from inside the emulation root is a lot of work -- much
more work than is reasonable to expect from a syscall or sysctl call.
In case you don't see the necessity for such a proof: consider a suid
copy of /usr/bin/su inside the emulation root, reading insecure versions
of /etc/passwd and friends from inside the emulation root.
--apb (Alan Barrett)