Dan Margolis wrote:

> It's entirely possible to set up a restricted system which only allows
> certain kinds of access, and limit that access to the execution of
> specific programs, even if this involves whitelisting if necessary. TPE
> (the way GRSec does it, at least) allows one to whitelist a directory,
> which is (or should be) effective. If you can tell me how it's not, I'd
> appreciate it (not that I use such measures on any of my own machines,
> but I am curious).
>

How about running 'untrusted' code through any interpreter in your trusted path?
Are you going to somehow prevent interpreters from reading anything in
non-root owned directories? This is a slippery slope and quickly approaches the
need for MAC. I repeat, TPE is a broken model and should not be relied on for
anything.

>>> It isn't a bug in the documentation.
>
> It is either a bug in the documentation to be incomplete when
> recommending noexec, or, as you say, perhaps a bug in the documentation
> to recommend noexec at all. Either way, it's internally inconsistent,
> which means it's a bug (i.e. there's no reason to recommend
> nosuid/noexec for only some partitions it can be used on, whether or not
> those flags are even useful).
>

We should not recommend noexec, noexec does nothing at all.


Joshua

--
gentoo-hardened@g.o mailing list
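Added example, not part of the thread: a small Python probe that shows what a noexec mount actually gates, which is the mechanism behind the interpreter argument above. It assumes Linux (it reads /proc/mounts) and a /bin/sh; the script it writes is constructed for the test.

```python
import os
import stat
import subprocess
import tempfile

# Constructed sample script; its content only has to be visible when it runs.
SCRIPT = "#!/bin/sh\necho hello-from-script\n"


def mount_flags_for(path):
    """Mount options of the filesystem holding `path`, taken from /proc/mounts."""
    path = os.path.realpath(path)
    best = ("", set())  # (longest matching mount point, its option set)
    try:
        with open("/proc/mounts") as f:
            for line in f:
                fields = line.split()
                mnt = fields[1].replace("\\040", " ")
                if (path == mnt or path.startswith(mnt.rstrip("/") + "/")) and len(mnt) >= len(best[0]):
                    best = (mnt, set(fields[3].split(",")))
    except OSError:
        pass  # not Linux or /proc unavailable: report no flags at all
    return best[1]


def probe(directory=None):
    """Write a script into `directory` and try to run it two ways."""
    directory = directory or tempfile.gettempdir()
    fd, path = tempfile.mkstemp(dir=directory, suffix=".sh")
    with os.fdopen(fd, "w") as f:
        f.write(SCRIPT)
    os.chmod(path, stat.S_IRWXU)
    try:
        # Path 1: execve() the file itself. The kernel refuses this on a noexec
        # mount (EACCES), which is the only thing the flag does.
        try:
            direct_ok = subprocess.run([path], capture_output=True).returncode == 0
        except PermissionError:
            direct_ok = False
        # Path 2: hand the file to an interpreter that lives elsewhere. The kernel
        # execs /bin/sh, and sh merely open()s and read()s the script; noexec is
        # not consulted on that path.
        via_sh = subprocess.run(["/bin/sh", path], capture_output=True, text=True)
        return {
            "noexec_mount": "noexec" in mount_flags_for(directory),
            "direct_exec_ok": direct_ok,
            "interpreter_exec_ok": via_sh.returncode == 0 and "hello-from-script" in via_sh.stdout,
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(probe())
```

On a noexec mount the result shows direct execution blocked and interpreter execution still succeeding; on an ordinary mount both succeed.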