[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid

On Fri, Oct 21, 2016 at 08:55:26AM +0200, Jan Mojzis wrote:
> > "extremely outdated"?
> > 
> > This sounds like a hack from ~ 20 years ago when people realized that 
> > running several programs at the same time as nobody does not isolate
> > them from each other.
> > 
> > Much better solutions for restricting what a process can or cannot do 
> > are now available.
> The basic idea is taken from extreme - sandboxing:
> https://cr.yp.to/talks/2007.04.27/extremesandbox.c[1] 
> My 2 tools currently making only small
> part on this idea, only droping uids/gids.
> I would like to improve my tools in the future, 
> but I thing first step:
> - running current daemons/cron scripts/... under differentd UIDs in the system
> simply by using extremesetuidgid/extremeenvuidgid (instead of setuidgid/envuidgid)

One part of my email you conveniently ignored was:
  20 years ago such a hack would at least have ensured that every 
  process has a unique uid.
  Even this is no longer true.

I'd bet you did not even understand the problem.

I am actually quite sure you did not understand it, since what
breaks your hack is related to proper solutions for sandboxing.

> second step:
> - create (library ??) to use buggy libraries such openssl sandboxed using idea from
> extreme sandbox

All this feels like travelling 20 years back in time.

2007 was approximately the latest time when something like that was 
still considered acceptable security.

Today this is just extremely bad sandboxing, and anyone suggesting to
do anything like that in 2016 proves without any doubt that he doesn't
have a clue regarding security.

> Jan



       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to: