Subject: Re: Getting rid of /dev/veriexec
To: None <tech-kern@netbsd.org>
From: None <joerg@britannica.bec.de>
List: tech-kern
Date: 12/02/2005 17:06:10

On Fri, Dec 02, 2005 at 05:29:26PM +0200, Elad Efrat wrote:
> joerg@britannica.bec.de wrote:
> 
> > I don't agree with Nathan on the use of sysctl, but removing the device
> > as entry point is IMO a very bad thing for Veriexec. Consider the need
> > for the device a security feature for Veriexec, but a bug e.g. for ps /
> > netstat etc.
> 
> How does having the device count as a security feature..?

You can limit the availability. It was pointed out before that a bunch of
programs do run as root, but can be chrooted. The combination of
securitylevel, nodev as mount option and chroot can dramatically reduce
the impact of exploits, even if it can't completely neutralise them.
Let's just say it increases the effort necessary quite a bit.

Joerg