tech-kern archive


Re: FWIW: sysrestrict



On Sun, Jul 24, 2016 at 01:09:46PM +0200, Maxime Villard wrote:
> The goal of sysrestrict (and pledge, and whatever else) is not to provide the
> perfect feature that will control absolutely everything. The goal is just to
> provide an additional, simple layer of restriction. It is a combination of
> such features that can mostly reach the granularity you want. Sysrestrict for
> syscalls, UNIX file permissions for VFS, kauth for kernel permissions, Veriexec
> for binary permissions, etc.

Frankly, I haven't seen many use cases for pledge so far that actually
make sense. While I do see a certain sense in allowing a fully sandboxed
process hierarchy, that can already be obtained to a degree with ptrace.
If you want to actually get something like this into the tree, you should
start at the beginning. What problem is it trying to solve, why is that
problem relevant and how does it get solved?

Joerg

