Introducing tame(2) with OpenBSD 5.8
The tame(2) syscall is a new kernel facility, announced yesterday on the OpenBSD tech@ mailing list. It was announced there, rather than more broadly, because it is still a work in progress, and developments continue. As I write this, revisions to the tame(2) man page were committed within the last hour.
The tame(2) service will be available with OpenBSD 5.8 when released later this year. This new facility permits both fine-grained service restrictions, and restrictions that are different from chroot(2), and I expect both may be deployed together when appropriate. The tame(2) syscall is an application developer's tool to limit the scope of system services available to the application. At the moment, these types of service categories are defined in tame(2), which an application developer may select from:
Last edited by jggimi; 21st July 2015 at 10:25 AM. Reason: typo
It's being viewed as a different approach to the same problem space. Jonathan Corbet wrote:
Quote:
For those who follow -current, tame() was renamed to pledge(2), and there have been major developments and restructuring of userland programs for 5.9, which are continuing. All who follow the misc@ mailing list will have seen some of the discussion -- if only from users caught by problems during this rapid development across most of OpenBSD's userland.
As a -current user, I read daily digests of the commit logs. This particular commit to rdate(8) caught my eye, as it is an example of the more active, robust analysis of the code base currently in progress as pledge() gets deployed system-wide. Code:
rdate is a classic "run as root, talk to internet for a while doing crazy packet parsing, then do something requiring privilege at the end" program. Simplistic pledge would be "stdio rpath wpath inet dns settime", which is not very useful. Imagine if it was exploited? It could still change your time backwards or write to your passwd file - game over. However the pledge "categorization" is educational, and quickly leads to a priv-sep solution of sorts. Create a pipe and fork. child pledges "stdio inet dns", and talks the time protocols, then writes error message + timeinfo to the pipe. parent pledges "stdio rpath wpath settime" and reads error message/timeinfo from pipe. If error message, spit it out. Otherwise handle the time, then pledge "stdio rpath", and finally report how the time was adjusted. A bit more complicated. Now observe that the pledges help test if it is right...
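The pipe/fork/pledge split that commit message describes, written out as an added C example that is not the rdate(8) code itself: the child's network step is replaced by a constructed time value so it runs offline, and on non-OpenBSD systems a no-op pledge() stub (an assumption of the example) stands in so the message flow can still be compiled and exercised.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <err.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifndef __OpenBSD__
/* pledge(2) is OpenBSD-only; this no-op stub (an assumption) lets the
 * message flow compile and run elsewhere. */
static int pledge(const char *p, const char *e) { (void)p; (void)e; return 0; }
#endif
/* What the child hands back over the pipe: an error text or the time. */
struct timemsg { int is_error; long long secs; char errtext[96]; };

/* Child: would talk the time protocols under "stdio inet dns". The network
 * result is constructed here; `fail` simulates a server that never answers. */
static void child_fetch(int wfd, int fail)
{
    struct timemsg m; memset(&m, 0, sizeof m);
    if (pledge("stdio inet dns", NULL) == -1) err(1, "pledge");
    if (fail) { m.is_error = 1;
        snprintf(m.errtext, sizeof m.errtext, "constructed: no reply from time server"); }
    else m.secs = 1437472800LL;   /* constructed sample: 2015-07-21 10:00:00 UTC */
    if (write(wfd, &m, sizeof m) != (ssize_t)sizeof m) err(1, "write");
    _exit(0);
}

/* Parent: never holds inet/dns; settime only while handling the result, then
 * drops further to "stdio rpath" for the final report. */
static int parent_handle(int rfd, struct timemsg *out)
{
    if (pledge("stdio rpath wpath settime", NULL) == -1) err(1, "pledge");
    if (read(rfd, out, sizeof *out) != (ssize_t)sizeof *out) return -1;
    if (out->is_error) return 1;            /* report it, never touch the clock */
    /* settimeofday(2)/adjtime(2) on out->secs would go here */
    if (pledge("stdio rpath", NULL) == -1) err(1, "pledge");
    return 0;
}

/* pipe + fork + both halves; 0 = time handled, 1 = child reported an error,
 * -1 = short read on the pipe. */
int run_rdate_like(int fail, struct timemsg *out)
{
    int fds[2], st, r; pid_t pid;
    if (pipe(fds) == -1) err(1, "pipe");
    if ((pid = fork()) == -1) err(1, "fork");
    if (pid == 0) { close(fds[0]); child_fetch(fds[1], fail); }
    close(fds[1]); r = parent_handle(fds[0], out); close(fds[0]);
    waitpid(pid, &st, 0); return r;
}
```

Because pledge() is one-way, on OpenBSD the parent can go through run_rdate_like only once per process (a second fork would violate the "stdio rpath" promise); the stub on other systems has no such constraint.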