On 9/24/07, ttw+bsd@cobbled.net <ttw+bsd@cobbled.net> wrote:
quoted text
> On 24.09-11:49, Can E. Acar wrote:
> [ ... ]
> > > The guy can be some stupid binary software with an "if(uid!=root) bail();"
> >
> > People running arbitrary binary software requiring root on their systems
> > deserve what they get. You can not work around this stupidity by ANY policy.
>
> that is not the case and is, in fact, the entire point of defining
> policy.  to define what the applications on the system can and
> cannot do, irrespective of how "stupid" they (or their programmer),
> or how malicious they (or their programmer) is / was.

Oh, that sounds like a recipe for success.

- Run _arbitrary_ _binary_ application on system. Intend to use policy
wrapper to restrict to allowed operations.
- Can't figure out how to get a working policy (made harder because
you can't debug the damn blob well anyway). (made harder because the
ppl who sold you that application aren't going to be able to help you
when you ask them "why is this app doing X Y and Z?" when X Y and Z
are system calls they've never heard of.)
- So, disable policy stuff or just "allow all" just to get it working.
Face it; the fact that you're running the dumb binary app in the first
place is because its so critical you can't do without it. Given the
choice between having a mission critical app (that you probably paid
good money for) crippled by the policy layer or not having to deal
with it, what are people going to do?

The intentions are great and look good on paper. The reality is a bit
different, as others have pointed out.

DS