Re: Privilege separation
Roy Marples
Mon Jun 25 08:18:58 2018
On 24/06/2018 12:53, Stuart Henderson wrote:
> There isn't a single "BSD", I don't know about others but OpenBSD
> doesn't have this. But it's not just about capabilities - having a
> separate address space for parts with different privilege boundaries
> is an additional limit on what one part can do if subverted. (On OpenBSD
> there's an additional thing that can be done, the syscalls used by each
> part can be evaluated separately and "pledge" can be used to disable
> unneeded ones, giving additional protection).
Happy to consider pledge patches. I have almost zero knowledge in this area.
> As the OpenBSD port maintainer for dhcpcd it's something I'd quite like
> to have, but it's going to be a reasonable amount of work, especially
> if it needs to be disable-able via #ifdefs.
The biggest issue with doing this is that more memory and resources
would be used up which is not something everyone wants.
dhcpcd is very customisable in how the end binary looks. The last time I
checked you could get it as small as 20k, but you also lost a lot of
functionality. I see this as being no different in this regard.
The only people asking for this are OpenBSD users. I have noticed the
number of OpenBSD users is steadily growing.
Roy
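A sketch of the split Stuart describes, added here as an illustration and not code from dhcpcd: an unprivileged worker and a privileged parent run in separate processes and talk over a socketpair, each calling pledge(2) with only the promises it needs. The request format, the promise strings and the helper names are assumptions for the example, and the pledge call is compiled out on non-OpenBSD systems so it still builds there.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Apply a per-process pledge; compiled to a no-op off OpenBSD so this builds anywhere. */
static int restrict_part(const char *promises) {
#ifdef __OpenBSD__
	return pledge(promises, NULL);
#else
	(void)promises;
	return 0;
#endif
}

/* The single request the worker may make (hypothetical format, not dhcpcd's). */
enum { REQ_SET_ADDR = 1 };
struct req { int op; char ifname[16]; char addr[32]; };

/* Privileged side: the worker may have been subverted, so validate every field. */
static int handle_request(const struct req *r, char *out, size_t outlen) {
	if (r->op != REQ_SET_ADDR ||
	    memchr(r->ifname, '\0', sizeof r->ifname) == NULL ||
	    memchr(r->addr, '\0', sizeof r->addr) == NULL)
		return -1;
	/* Real code would configure the interface here; we only record the action. */
	snprintf(out, outlen, "set %s %s", r->ifname, r->addr);
	return 0;
}

/* Fork a worker that sends one request; the parent decides and returns 0 or -1. */
static int run_privsep(const struct req *r, char *out, size_t outlen) {
	int sv[2], rc = -1; struct req in; pid_t pid;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
		return -1;
	if ((pid = fork()) == 0) {
		close(sv[0]);
		restrict_part("stdio");            /* worker: nothing beyond its socket */
		_exit(write(sv[1], r, sizeof *r) == (ssize_t)sizeof *r ? 0 : 1);
	}
	close(sv[1]);
	restrict_part("stdio inet route");     /* parent: only what the privileged part needs */
	if (read(sv[0], &in, sizeof in) == (ssize_t)sizeof in)
		rc = handle_request(&in, out, outlen);
	close(sv[0]);
	waitpid(pid, NULL, 0);
	return rc;
}
```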