tech-kern archive
Re: RFC: New security model secmodel_securechroot(9)
On Nov 29, 7:06am, Joerg Sonnenberger wrote:
} On Sat, Jul 09, 2011 at 12:03:50PM +0300, Aleksey Cheusov wrote:
} > DESCRIPTION
} > The securechroot security model is intended to protect the system
} > against destructive modifications by chroot-ed processes. If
} > enabled, secmodel_securechroot applies the following restrictions
} > to chroot-ed processes.
}
} > · Module requests are not allowed.
}
} Does this include automatic loading of modules as a side effect of actions
} or not?

This should be fine. When autoloading, it will only use the
system path and doesn't follow chroot.

} > · Firewall-related operations such as modification of packet
} > filtering rules or modification of NAT rules are not allowed.
}
} Table manipulation is a valid use case of a chroot, especially a
} restricted chroot. Consider FTP proxies as an example.

Manipulating global state is a pretty major exception considering
the rest of the stuff here. If you want that, then don't use this
module.

}-- End of excerpt from Joerg Sonnenberger