Pidgin
Trac is being migrated to new services! Issues can be found in our new YouTrack instance and WIKI pages can be found on our website.

Changes between Version 90 and Version 91 of mmcco


Ignore:
Timestamp:
Dec 31, 2015, 10:40:03 PM (8 years ago)
Author:
mmcco
Comment:

clarify, fix syntax highlighting

Legend:

Unmodified
Added
Removed
Modified

  • mmcco

    v90 v91  
    177177OpenBSD's new privilege revocation system call [http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/pledge.2 pledge(2)] is based on the concept that programs do most of their privileged operations during initialization, eventually dropping into a main loop that is "boring and full of buffer overflows". The `pledge(2)` model therefore allows the process all privileges until it makes the system call. This is fundamentally different from approaches such as App^^Armor's, which have a static privilege list stored outside the program that is always enforced.
    178178
    179 The `pledge(2)` model makes more sense for network programs like Pidgin and is easier to implement. In these cases, we trust the ''binary'' to not be malicious, but we don't trust the remote network entities it interacts with, and we don't trust the binary to protect us from them. Many other access control frameworks results attempt to protect the system from potentially malicious binaries, which can add complicating rigidity.
    180 
    181 This sort of approach can be used in App^^Armor's through its ``aa_change_hat`` and ``aa_change_profile`` functions. However, this is less elegant and seems rarely used.
     179The `pledge(2)` model makes more sense for network programs like Pidgin and is easier to implement. In these cases, we trust the ''binary'' to not be malicious, but we don't trust the remote network entities it interacts with, and we don't trust the binary to protect us from them. Why lock down the process before it interacts with the network? Many other access control frameworks results attempt to protect the system from potentially malicious binaries, which can add complicating rigidity.
     180
     181This sort of approach can be used in App^^Armor's through its `aa_change_hat` and `aa_change_profile` functions. However, this is less elegant and seems rarely used.
    182182
    183183=== Code annotations ===
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!