undefined | Better HN

0 pointsJoshTriplett10mo ago0 comments

There's value in always starting processes from a known-secure environment rather than attempting to transform a user's arbitrary environment into a secure one.

0 comments

Retr0id10mo ago

True, CVE-2021-4034 comes to mind as a recent example (exploiting zero-length argv)

hedora10mo ago

How is that any different than a daemon that has a parser error in its message handler, except that the daemon could be misconfigured to listen on a network socket?

The original unix process abstraction was extremely simple; the entire spec is a few pages.

The problem is that Linux keeps adding more and more levels of Rube Goldberg machine to its security model, so now literally no one understands how a default minimal install of, say, Ubuntu works.

Adding a magic daemon that runs stuff as root to this pile of complexity probably won’t help. Ripping out almost all the cruft that’s accumulated over the years, and adding back something sane (maybe BSD jails) would work a lot better.

Dylan1680710mo ago

> How is that any different than a daemon that has a parser error in its message handler

The non-daemon has to parse just as much in addition to making itself secure. Actually it needs to parse more things in more complex ways.

1 more reply

j / k navigate · click thread line to collapse