Re: execution policy for shells

To: tech-security%netbsd.org@localhost
Subject: Re: execution policy for shells
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Thu, 23 Sep 2010 07:35:14 -0400

On Wed, Sep 22, 2010 at 10:22:39PM -0400, Jan Schaumann wrote:
> Hello,
> 
> I just stumbled upon this:
> http://technet.microsoft.com/en-us/library/dd347628.aspx
> 
> Apparently, Microsoft's Powershell has the concept of an Execution
> Policy specifying whether or not or how scripts should be verified prior
> to execution.
> 
> Has anybody considered implementing this concept for /bin/sh, possibly
> tied into /etc/profile or securelevel?  Or is this (as dynamically)
> possible via veriexec?

It's "possible via veriexec" inasmuch as you can allow only the one
true blessed shell to run, and implement whatever policy you care to
in that shell.  This is how the VMS dynamic linker protected the rest
of the system from bad shared objects...

Follow-Ups:
- Re: execution policy for shells
  - From: Brett Lymn

References:
- execution policy for shells
  - From: Jan Schaumann

Prev by Date: execution policy for shells
Next by Date: Re: execution policy for shells
Previous by Thread: execution policy for shells
Next by Thread: Re: execution policy for shells
Indexes:

Home | Main Index | Thread Index | Old Index