| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jan 2010 18:30:56 +0000 (UTC) From: daw@...berkeley.edu (David Wagner) To: linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/3] Security: Implement disablenetwork semantics. (v4) Serge E. Hallyn wrote: >Michael, I'm sorry, I should go back and search the thread for the >answer, but don't have time right now - do you really need >disablenetwork to be available to unprivileged users? I don't know about Michael's specific case, but answering more broadly, Yes. There are important use cases for disablenetwork for unprivileged users. Basically, it facilitates privilege separation, which is hard to do today. A privilege-separated software architecture is useful for a broad variety of programs that talk to the network -- some/many of which are unprivileged. For instance, the very original post on this topic referred to a proposal by Dan Bernstein, where Dan points out that (for instance) it would make be useful if we could start a separate process for decompression (or image file transformation), running that separate process with no privileges (including no network access) to reduce the impact of vulnerabilities in that code. Think of, say, a browser that needs to convert a .jpg to a bitmap; that would be an example of an unprivileged program that could benefit from the disablenetwork feature, because it could spawn a separate process to do the image conversion. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists