Re: Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid

To: Jan Mojzis <jan.mojzis@gmail.com>
Cc: 841113@bugs.debian.org, Henrique de Moraes Holschuh <hmh@debian.org>, Dmitry Bogatov <KAction@gnu.org>, debian-devel@lists.debian.org
Subject: Re: Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid
From: Adrian Bunk <bunk@stusta.de>
Date: Sat, 22 Oct 2016 22:00:04 +0300
Message-id: <[🔎] 20161022190004.wzcdcofp4jx5veb4@bunk.spdns.de>
In-reply-to: <[🔎] 1896256.cd56reLgOV@apache>
References: <[🔎] 20161017181504.28723.72730.reportbug@apache.kobka> <[🔎] 1476876794.46792.760725745.55203AED@webmail.messagingengine.com> <[🔎] 20161021035206.w5hkypkhgfecmq34@bunk.spdns.de> <[🔎] 1896256.cd56reLgOV@apache>

On Fri, Oct 21, 2016 at 08:55:26AM +0200, Jan Mojzis wrote:
> > "extremely outdated"?
> > 
> > This sounds like a hack from ~ 20 years ago when people realized that 
> > running several programs at the same time as nobody does not isolate
> > them from each other.
> > 
> > Much better solutions for restricting what a process can or cannot do 
> > are now available.
> 
> The basic idea is taken from extreme - sandboxing:
> https://cr.yp.to/talks/2007.04.27/extremesandbox.c[1] 
> 
> My 2 tools currently making only small
> part on this idea, only droping uids/gids.
> I would like to improve my tools in the future, 
> 
> but I thing first step:
> - running current daemons/cron scripts/... under differentd UIDs in the system
> simply by using extremesetuidgid/extremeenvuidgid (instead of setuidgid/envuidgid)

One part of my email you conveniently ignored was:
  20 years ago such a hack would at least have ensured that every 
  process has a unique uid.
  Even this is no longer true.

I'd bet you did not even understand the problem.

I am actually quite sure you did not understand it, since what
breaks your hack is related to proper solutions for sandboxing.

> second step:
> - create (library ??) to use buggy libraries such openssl sandboxed using idea from
> extreme sandbox
>...

All this feels like travelling 20 years back in time.

2007 was approximately the latest time when something like that was 
still considered acceptable security.

Today this is just extremely bad sandboxing, and anyone suggesting to
do anything like that in 2016 proves without any doubt that he doesn't
have a clue regarding security.

> Jan
>...

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to:

References:
- Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid
  - From: Jan Mojzis <jan.mojzis@gmail.com>
- Re: Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid
  - From: Adrian Bunk <bunk@stusta.de>
- Re: Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid
  - From: Jan Mojzis <jan.mojzis@gmail.com>

Prev by Date: Bug#841718: ITP: libsah-schemas-rinci-perl -- Sah schemas for Rinci
Next by Date: Re: Proposed documentation, please comment! [was Re: Bug#838919: debian-installer: please calculate swap parition according to max RAM...]
Previous by thread: Re: Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid
Next by thread: Bug#841122: ITP: libgeo-constants-perl -- standard constants used by Geo perl packages
Index(es):
- Date
- Thread