Subject: Re: simple tpe implementation
To: Elad Efrat <elad@NetBSD.org>
From: Quentin Garnier <cube@cubidou.net>
List: tech-security
Date: 02/02/2007 18:54:59

On Fri, Feb 02, 2007 at 12:41:00AM +0200, Elad Efrat wrote:
> attached is a very simple patch that adds a "security.tpe" sysctl node
> to control a tpe (or, trusted path execution) feature.
>
> what it does: prevent execution of any program that does not live in a
> directory that is owned by root and writable by neither group or other.
>
> why would you need it: quick knob you can enable to prevent any users
> from running their own stuff. kinda useful if there's a now 0-day out
> or you're in the middle of patching your system or whatever.

I've already notified elad about that, but in case anyone would start
using it, that implementation of TPE is actually too simple to prevent
execution of user-supplied code.

For one thing because you can use an interpreted language such as PERL
to do almost anything (granted, PERL is not installed in base, and other
languages in base might be too limited).

But you can also use LD_PRELOAD to make ld.so load and later run your
code.

I'm certainly not saying it's not worth having, but it's not ideal
either.

-- 
Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
"You could have made it, spitting out benchmarks
Owe it to yourself not to fail"
Amplifico, Spitting Out Benchmarks, Hometakes Vol. 2, 2005.
