Re: [RFC] Privilege dropping security module
From: Pavel Machek
Date: Thu Oct 01 2009 - 03:39:08 EST
On Wed 2009-09-23 22:31:10, Andy Spencer wrote:
> > Hi Andy. Git is a wonderful tool, but if you want people to review
> > your work you need to post patches.
>
> Thanks for letting me know, I've posted a separate message with patch.
>
>
> > And what do you propose as an interesting use case for dpriv?
>
> I think the two most important things about dpriv is that it can be used
> by ordinary users and that is can create policies programmatically.
>
> Being able to use dpriv as a non root user is pretty strait forward. For
> example, a user of a multi-user system may want to try some untrusted
> code without risking access to the rest of the system:
>
> $ cd ~/my_project
> $ echo rxRX / > /sys/kernel/security/dpriv/stage
> $ echo X $HOME > /sys/kernel/security/dpriv/stage
> $ echo rwxRWX $HOME/my_project > /sys/kernel/security/dpriv/stage
> $ echo commit > /sys/kernel/security/dpriv/control
> $ patch < untrusted.patch
> $ make && ./src/some_exe
Yeah, and now your ~/.ssh/identity is being uploaded to remote server.
I believe people are already sandboxing apps with selinux...
...and subterfugue certainly does what you want, using
ptrace... no kernel mods needed and should already be secure.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/