Subject: Re: Getting rid of /dev/veriexec
To: Elad Efrat <elad@NetBSD.org>
From: Nathan J. Williams <email@example.com>
Date: 12/02/2005 09:05:55

Elad Efrat <elad@NetBSD.org> writes:
> Nathan J. Williams wrote:
> > Let's see. You want to read and write control and bulk data, from a
> > special-to-the-kernel node in a hierarchical namespace. This totally
> > smells like reinventing /dev.
> Isn't that what sysctl() is for?
My thinking is that sysctl(3) should be limited to being a back-end
for sysctl(8): individual knobs that are examinable and tweakable by a
> >>2. If, some day, Veriexec would have the feature of returning the hash
> >> for a given file (or any other configuration inspection) it might
> >> be desired that a process with root privileges in a chroot cage (...)
> >> could be prevented from accessing that information.
> > This sounds like an argument for leaving it in the filesystem.
> Can you give me an example of a root-owned process inside a chroot()?
> Most, if not all, examples of chroot() usage I know make sure to drop
> root privileges.
> Also, what is a real world application for this argument? I think this
> case is *VERY* esoteric.
You're the one who brought it up, so I'm commenting on it.