Subject: Re: Getting rid of /dev/veriexec
To: Elad Efrat <elad@NetBSD.org>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: tech-kern
Date: 12/02/2005 09:05:55
Elad Efrat <elad@NetBSD.org> writes:

> Nathan J. Williams wrote:
> 
> > Let's see. You want to read and write control and bulk data, from a
> > special-to-the-kernel node in a hierarchical namespace. This totally
> > smells like reinventing /dev.
> 
> Isn't that what sysctl() is for?

My thinking is that sysctl(3) should be limited to being a back-end
for sysctl(8): individual knobs that are examinable and tweakable by a
system administrator.

> 
> >>2. If, some day, Veriexec would have the feature of returning the hash
> >>   for a given file (or any other configuration inspection) it might
> >>   be desired that a process with root privileges in a chroot cage (...)
> >>   could be prevented from accessing that information.
> > 
> > 
> > This sounds like an argument for leaving it in the filesystem.
> 
> Can you give me an example of a root-owned process inside a chroot()?
> Most, if not all, examples of chroot() usage I know make sure to drop
> root privileges.
> 
> Also, what is a real world application for this argument? I think this
> case is *VERY* esoteric.

You're the one who brought it up, so I'm commenting on it.

        - Nathan