| 1 |
Dan Margolis wrote: |
| 2 |
> |
| 3 |
> It's entirely possible to set up a restricted system which only allows |
| 4 |
> certain kinds of access, and limit that access to the execution of |
| 5 |
> specific programs, even if this involves whitelisting if necessary. TPE |
| 6 |
> (the way GRSec does it, at least) allows one to whitelist a directory, |
| 7 |
> which is (or should be) effective. If you can tell me how it's not, I'd |
| 8 |
> appreciate it (not that I use such measures on any of my own machines, |
| 9 |
> but I am curious). |
| 10 |
> |
| 11 |
> |
| 12 |
How about running 'untrusted' code through any interpreter in your trusted path, |
| 13 |
are you going to somehow prevent interpreters from reading anything in |
| 14 |
non-root owned directories? This is a slippery slope and quickly approaches the |
| 15 |
need for MAC. I repeat, TPE is a broken model and should not be relied on for |
| 16 |
anything. |
| 17 |
> |
| 18 |
>>>It isn't a bug in the documentation. |
| 19 |
> |
| 20 |
> |
| 21 |
> |
| 22 |
> It is either a bug in the documentation to be incomplete when |
| 23 |
> recommending noexec, or, as you say, perhaps a bug in the documentation |
| 24 |
> to recommend noexec at all. Either way, it's internally inconsistent, |
| 25 |
> which means it's a bug (i.e. there's no reason to recommend |
| 26 |
> nosuid/noexec for only some partitions it can be used on, whether or not |
| 27 |
> those flags are even useful). |
| 28 |
> |
| 29 |
|
| 30 |
We should not recomment noexec, noexec does nothing at all. |
| 31 |
|
| 32 |
|
| 33 |
Joshua |
| 34 |
|
| 35 |
-- |
| 36 |
gentoo-hardened@g.o mailing list |
Archives