[redhat-lspp] LSPP work items

Russell Coker rcoker at redhat.com
Thu Oct 6 09:18:09 UTC 2005


On Wed, 2005-10-05 at 14:12 -0500, Klaus Weidner wrote:
> > 21 Turing Complete Programs
> > 21.1 Review all Turing complete programs to see if they need augmentation:
> > sed, awk, rpm, bash, tcsh, perl, python, postscript, m4, cpp
> 
> What is this all about? The system's security features (kernel + trusted
> programs) need to be sufficient to implement the requirements, and
> programs that aren't security enforcing shouldn't need to be touched.
> I don't see a reliable way to make this list complete, and what keeps
> users from installing their own copy of a programming language? 

Preventing execute access of all types that a user can write is not so
difficult, so it is possible to prevent the user from installing their
own copy of a programming language.  Of course if a user could install a
programming language they could more easily install a binary produced by
an optimising compiler which would be much smaller.

There is a big demand for preventing a user from running any code;
preventing the user from running arbitrary shell scripts etc. is
necessary to provide that feature.  I'm not sure that the people who
demand such a feature are being sensible though.  There is nothing
stopping an attacker from using expect on the attacking machine to run
programs...



