Subject: Re: simple tpe implementation
To: Elad Efrat <>
From: Quentin Garnier <>
List: tech-kern
Date: 02/02/2007 18:54:59
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Feb 02, 2007 at 12:41:00AM +0200, Elad Efrat wrote:
> attached is a very simple patch that adds a "security.tpe" sysctl node
> to control a tpe (or, trusted path execution) feature.
> what it does: prevent execution of any program that does not live in a
> directory that is owned by root and writable by neither group or other.
> why would you need it: quick knob you can enable to prevent any users
> from running their own stuff. kinda useful if there's a now 0-day out
> or you're in the middle of patching your system or whatever.

I've already notified elad about that, but in case anyone would start
using it, that implementation of TPE is actually too simple to prevent
execution of user-supplied code.

For one thing because you can use an interpreted language such as PERL
to do almost anything (granted, PERL is not installed in base, and other
languages in base might be too limited).

But you can also use LD_PRELOAD to make load and later run your

I'm certainly not saying it's not worth having, but it's not ideal

Quentin Garnier - -
"You could have made it, spitting out benchmarks
Owe it to yourself not to fail"
Amplifico, Spitting Out Benchmarks, Hometakes Vol. 2, 2005.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.6 (NetBSD)