[ILUG] Porting MyDoom to Linux
Paul Jakma
paul at clubi.ie
Wed Feb 4 16:02:22 GMT 2004
On Wed, 4 Feb 2004, Chris Higgins wrote:
> Do we? Are we not better to assume that 'untrusted' means
> just that - and not attribute more or less trust based on
> what we think the data is,
I'd agree with that. What would be an aid here would be the ability to
easily create arbitrary 'sandboxes' to run possibly tainted code in¹.
We're part of the way there with bind mounts. But those can only take
directories as their targets; if you could bind mount at a file level
you could map individual binaries into some kind of sandbox area and
make it easy to create on-the-fly chroots (with things like
CAP_SYS_PTRACE removed from the inherited capability set to prevent
access to data in other processes belonging to the user).
1. For purposes of this discussion, data (especially complex) which
is to be interpreted in some form by a trusted helper binary still
counts as possibly tainted code: trusted binary + vulnerability +
untrusted data = untrusted code.
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
warning: do not ever send email to spam at dishone.st
Fortune:
Genius is one percent inspiration and ninety-nine percent perspiration.
-- Thomas Alva Edison
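As an added example (this is not code from the thread or from Paul), here is one way to build the kind of on-the-fly sandbox the post describes on a current Linux box. Linux does in fact accept a regular file as the target of mount --bind, provided a file already exists at the target path, so each binary and the shared objects it loads can be mapped into a fresh chroot one file at a time, and capsh(1) from libcap then drops CAP_SYS_PTRACE from the bounding set before entering the chroot and switching to an unprivileged uid. The /tmp/sbox layout, the use of capsh, the numeric uid/gid arguments and the ldd-based library discovery are assumptions of this example, not anything the post specifies; run_sandboxed needs root, while sandbox_plan only prints the mount plan and can be inspected without it.

```shell
#!/bin/sh
# Added example: build a throwaway chroot that holds only one binary (plus
# the shared objects it loads), mapped in with file-level bind mounts, and
# run it there with CAP_SYS_PTRACE dropped from the bounding set.
# Assumptions (not from the original post): Linux, util-linux mount(8),
# capsh(1) from libcap, and root privileges for run_sandboxed.
set -e

# List the shared objects a dynamically linked binary loads, one absolute
# path per line, as reported by ldd(1). Static binaries yield nothing.
needed_libs() {
    command -v ldd >/dev/null 2>&1 || return 0
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }   # libc.so.6 => /lib/libc.so.6 (0x..)
        $1 ~ /^\// && $2 ~ /^\(/ { print $1 }          # /lib64/ld-linux-x86-64.so.2 (0x..)
    ' | sort -u
}

# Print the shell commands that bind-mount a binary and its libraries,
# read-only, at the same paths under $2. Bind mounting a regular file needs
# an existing file as the target, hence the touch. Printing rather than
# executing keeps the plan inspectable (and testable without root).
sandbox_plan() {
    sp_root=$2
    for f in "$1" $(needed_libs "$1"); do
        printf 'mkdir -p %s\n' "$sp_root$(dirname "$f")"
        printf 'touch %s\n' "$sp_root$f"
        printf 'mount --bind %s %s\n' "$f" "$sp_root$f"
        printf 'mount -o remount,bind,ro %s\n' "$sp_root$f"
    done
}

# Unmount everything mounted below $1 and remove the tree. The file mounts
# made here never nest, so plain reverse string order is sufficient.
sandbox_teardown() {
    awk -v r="$1/" 'index($2, r) == 1 { print $2 }' /proc/mounts | sort -r |
        while read -r m; do umount "$m"; done
    rm -rf "$1"
}

# Run $1 as uid $2 / gid $3 with the remaining arguments, inside a fresh
# chroot, with CAP_SYS_PTRACE removed from the bounding set. Needs root.
run_sandboxed() {
    target=$1; uid=$2; gid=$3; shift 3
    [ "$(id -u)" -eq 0 ] || { echo "run_sandboxed: needs root" >&2; return 1; }
    root=$(mktemp -d /tmp/sbox.XXXXXX)
    # /bin/sh goes in too, only because capsh enters the chroot via a shell.
    { sandbox_plan "$target" "$root"; sandbox_plan /bin/sh "$root"; } | sh -e
    mkdir -p "$root/dev" && touch "$root/dev/null"
    mount --bind /dev/null "$root/dev/null"        # file-level bind of a device node
    # Order matters: drop from the bounding set while still root, chroot,
    # then switch to the unprivileged ids (which also clears permitted caps).
    status=0
    capsh --drop=cap_sys_ptrace --chroot="$root" --gid="$gid" --uid="$uid" \
          --shell=/bin/sh -- -c 'exec "$0" "$@"' "$target" "$@" || status=$?
    sandbox_teardown "$root"
    return "$status"
}
```

A typical call is run_sandboxed /usr/bin/file 65534 65534 /tmp/suspect.bin, which runs file(1) over the suspect data as nobody inside a chroot that contains nothing but file, sh, their libraries and /dev/null; since the caller's uid change clears the permitted set and CAP_SYS_PTRACE is gone from the bounding set, a compromised helper cannot regain ptrace even through a setuid binary, and it has no other processes' files in view.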