l4-hurd

Re: Hurdish applications for persistence


From: Bas Wijnen
Subject: Re: Hurdish applications for persistence
Date: Thu, 13 Oct 2005 11:48:42 +0200
User-agent: Mutt/1.5.11

On Wed, Oct 12, 2005 at 09:21:24PM -0400, Jonathan S. Shapiro wrote:
> Umm, guys? Chroot() was a late bolt-on to UNIX that attempted to provide
> a best-effort approximation to confinement in a system where it was way
> too late to do the real thing.
> 
> There may be a good reason to copy a known bad quick patch when we now
> have a better solution, but could somebody explain it to me?

Because we want POSIX, of course.  However, in this case I would suggest a
different solution: Provide chroot, but let it fail unless an environment
variable or something is set (I_KNOW_CHROOT_IS_NOT_SECURE_ON_THIS_PLATFORM or
so).  That way, it cannot be used by accident, but POSIX programs still work.

Obviously, any program which needs chroot for security should be ported.
Usually this will most likely remove the need for superuser privileges
altogether, which is good.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html
