2008/226 mmapfd and 2008/195 validated execution
Roland Mainz
roland.mainz at nrubsig.org
Sat Apr 5 19:27:41 PDT 2008
Bart Smaalders wrote:
> John Zolnowsky x69422/408-404-5064 wrote:
> > The general nature of mmapfd() mapping represents a possible solution
> > to a concern being discussed in 2008/195. The issue is that
> > interpreters other than rtld often have the equivalent of libraries,
> > for example, perl's .pm and .pl or the shell "source" or "." commands.
> > These extended forms of library are presently introduced into the
> > process "execution" using general interfaces (open(), read()),
> > precluding any reliable triggering for validition of the object. As
> > much as mmapfd() provides a generalized mechanism for accessing these
> > forms of libraries, it would serve as a enabler for validated
> > execution.
>
> cat /etc/file | sh ???
Or worse: "eval" ...
... another issue is that shells like "ksh" support function libraries
(via FPATH) which are loaded on demand... how should this be handled ?
> It seems to be that validated execution is somewhat missing the point
> by focusing on "execution".
>
> I'll take my comments to 2008/195 when I get a chance..
/me, too...
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 7950090
(;O/ \/ \O;)
More information about the opensolaris-arc
mailing list