From: "H. Peter Anvin" <hpa@zytor.com>
To: William Lee Irwin III <wli@holomorphy.com>
Cc: Albert Cahalan <acahalan@gmail.com>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: JIT emulator needs
Date: Wed, 20 Jun 2007 09:37:31 -0700 [thread overview]
Message-ID: <467957CB.8020704@zytor.com> (raw)
In-Reply-To: <20070620160116.GI6909@holomorphy.com>
William Lee Irwin III wrote:
>
> I presumed an ELF note or extended filesystem attributes were already
> in place for this sort of affair. It may be that the model implemented
> is so restrictive that users are forbidden to create new executables,
> in which case using a different model is certainly in order. Otherwise
> the ELF note or attributes need to be implemented.
>
Another thing to keep in mind, since we're talking about security
policies in the first place, is that anything like this *MUST* be
"opt-in" on the part of the security policy, because what we're talking
about is circumventing an explicit security policy just based on a
user-provided binary saying, in effect, "don't worry, I know what I'm
doing."
Changing the meaning of an established explicit security policy is not
acceptable.
-hpa
next prev parent reply other threads:[~2007-06-20 16:37 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-08 6:35 JIT emulator needs Albert Cahalan
2007-06-08 7:09 ` Eric Dumazet
2007-06-09 4:12 ` Albert Cahalan
2007-06-08 11:10 ` Alan Cox
2007-06-08 16:35 ` Nicholas Miell
2007-06-09 5:17 ` Albert Cahalan
2007-06-09 20:00 ` H. Peter Anvin
2007-06-19 15:08 ` William Lee Irwin III
2007-06-20 3:16 ` Albert Cahalan
2007-06-20 16:01 ` William Lee Irwin III
2007-06-20 16:37 ` H. Peter Anvin [this message]
2007-06-20 17:54 ` William Lee Irwin III
2007-06-20 18:23 ` H. Peter Anvin
2007-06-20 18:25 ` Albert Cahalan
2007-06-20 18:51 ` H. Peter Anvin
2007-06-21 3:21 ` Albert Cahalan
2007-06-21 3:32 ` H. Peter Anvin
2007-06-21 7:38 ` Albert Cahalan
2007-06-20 18:43 ` Albert Cahalan
2007-06-23 3:52 ` Kyle Moffett
2007-06-24 4:14 ` William Lee Irwin III
2007-06-21 17:44 ` Arjan van de Ven
2007-06-22 5:56 ` Albert Cahalan
2007-06-22 13:43 ` Arjan van de Ven
2007-06-22 14:32 ` Albert Cahalan
2007-06-22 14:42 ` Arjan van de Ven
2007-06-23 2:30 ` Albert Cahalan
[not found] <8tGiE-2Hv-1@gated-at.bofh.it>
[not found] ` <8xNvm-2Tw-29@gated-at.bofh.it>
[not found] ` <8xYTM-3So-13@gated-at.bofh.it>
2007-06-21 11:08 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=467957CB.8020704@zytor.com \
--to=hpa@zytor.com \
--cc=acahalan@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=wli@holomorphy.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.