
Bug#808373: ITP: libwaive -- Allow processes to waive their rights



On Sat, 2015-12-19 at 20:33 +1100, Riley Baird wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Riley Baird 
> 
> * Package name    : libwaive
>   Version         : 1.0.0+git20151218.a0e8c1
>   Upstream Author : Dima Krasner <dima@dimakrasner.com>
> * URL             : https://github.com/dimkr/libwaive
> * License         : MIT
>   Programming Lang: C
>   Description     : Allow processes to waive their rights
> 
> libwaive is a tiny library that provides waive(), a function that allows a
> process to waive its right to perform certain actions (e.g. open a file).
> 
> It is inspired by Theo de Raadt's tame() system call
> (http://article.gmane.org/gmane.os.openbsd.tech/43085)

libwaive takes a blacklisting approach, which is fundamentally
insecure.  For example, WAIVE_EXEC is supposed to prevent loading and
executing new code, but it doesn't block the new execveat() system
call.  At any time, Linux may be extended with new variants of old
system calls, and those new unknown system calls need to be blocked as
well.

Ben.

-- 
Ben Hutchings
Always try to do things in chronological order;
it's less confusing that way.
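
The point made in the reply above, as an added example that is not part of the original message and is not libwaive's code: two seccomp-style BPF filters, one denylist and one allowlist, evaluated in user space for execve and execveat. The filter contents, the x86_64 syscall numbers and the small `run_filter` evaluator are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <linux/filter.h>  /* struct sock_filter, BPF_STMT, BPF_JUMP */
#include <linux/seccomp.h> /* struct seccomp_data, SECCOMP_RET_* */

/* x86_64 syscall numbers, hard-coded so the demo does not depend on the build host. */
enum { NR_READ = 0, NR_WRITE = 1, NR_EXECVE = 59, NR_EXIT_GROUP = 231, NR_EXECVEAT = 322 };
#define LOAD_NR BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr))
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed denylist: kill on execve, allow every other syscall.
 * (A filter meant for installation would also check seccomp_data.arch.) */
static const struct sock_filter denylist[] = {
    LOAD_NR,
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_EXECVE, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
/* Constructed allowlist: allow read, write, exit_group; kill anything else,
 * including syscalls that did not exist when the filter was written. */
static const struct sock_filter allowlist[] = {
    LOAD_NR,
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_READ, 3, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_WRITE, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_EXIT_GROUP, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* User-space evaluator for the three opcodes used above; jumps are relative to pc+1. */
static uint32_t run_filter(const struct sock_filter *f, size_t len, int nr)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS: acc = (uint32_t)nr; break; /* only nr is loaded */
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return f[pc].k;
        default: return SECCOMP_RET_KILL; /* unknown opcode: fail closed */
        }
    }
    return SECCOMP_RET_KILL;
}

int main(void)
{
    printf("denylist:  execve=%#x execveat=%#x\n", (unsigned)run_filter(denylist, LEN(denylist), NR_EXECVE), (unsigned)run_filter(denylist, LEN(denylist), NR_EXECVEAT));
    printf("allowlist: execve=%#x execveat=%#x\n", (unsigned)run_filter(allowlist, LEN(allowlist), NR_EXECVE), (unsigned)run_filter(allowlist, LEN(allowlist), NR_EXECVEAT));
    return 0;
}
```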
