Subject: Re: simple tpe implementation
To: Elad Efrat <elad@NetBSD.org>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 02/02/2007 08:04:16
On Fri, 02 Feb 2007 00:41:00 +0200
Elad Efrat <elad@NetBSD.org> wrote:
> attached is a very simple patch that adds a "security.tpe" sysctl node
> to control a tpe (or, trusted path execution) feature.
> what it does: prevent execution of any program that does not live in a
> directory that is owned by root and writable by neither group or
> why would you need it: quick knob you can enable to prevent any users
> from running their own stuff. kinda useful if there's a now 0-day out
> or you're in the middle of patching your system or whatever.
> caveats: it doesn't use kauth yet. if it could it would, so let's not
> get into that now. it also doesn't address interpreters (i.e., someone
> starting python and feeding it stuff) yet. we will do that -- we have
> the mechanism in place, but I'm holding it back for now.
Interesting, though I need to think about it a bit. (Thinking is
definitely advised; I just realized that one objection I had wasn't
--Steve Bellovin, http://www.cs.columbia.edu/~smb
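The policy Elad describes (exec allowed only from a directory owned by root and writable by neither group nor other) can be modelled in userland to see exactly which paths it admits. This is an added example, not the kernel patch from the thread; the function names are my own, it checks only the executable's immediate parent directory as the description states, and it fails closed when stat() cannot answer. Like the patch, it says nothing about interpreters fed a script.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Pure policy decision: a directory is trusted only if it is owned by
 * root and carries neither the group- nor the other-write bit. */
int tpe_dir_trusted(uid_t uid, mode_t mode)
{
    if (uid != 0)
        return 0;
    if (mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Copy the parent-directory component of path into buf ("." if bare,
 * "/" for a top-level entry). Returns -1 if buf is too small. */
static int tpe_parent_dir(const char *path, char *buf, size_t buflen)
{
    const char *slash = strrchr(path, '/');
    size_t len;

    if (slash == NULL) {
        if (buflen < 2)
            return -1;
        strcpy(buf, ".");
        return 0;
    }
    len = (size_t)(slash - path);
    if (len == 0)
        len = 1;                 /* "/foo" -> "/" */
    if (len + 1 > buflen)
        return -1;
    memcpy(buf, path, len);
    buf[len] = '\0';
    return 0;
}

/* 1 if exec of path would be allowed under this policy, 0 otherwise.
 * Any lookup failure is a deny: the knob is meant to fail closed. */
int tpe_exec_allowed(const char *path)
{
    char dir[4096];
    struct stat st;

    if (tpe_parent_dir(path, dir, sizeof dir) != 0)
        return 0;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return tpe_dir_trusted(st.st_uid, st.st_mode);
}
```

Run it against a few paths (e.g. a system binary under /bin versus anything under the 1777 /tmp) to see the decision the kernel would make for each.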