Executing a user-compiled object
Posted: Mon Oct 02, 2006 10:42 amI posted this on the mailing list a few days back but I guess it's got lost somewhere so here goes...
I want to enable some trusted users to be able to run their own compiled objects, the names of which will not generally be known.
Obviously this can lead to some trouble and ideally I don't want to do this by including the user in the TPE group as that would enable them to run rather more.
Is there an alternative? I haven't upgraded grsec for some time so perhaps this sort of thing is already included.
Installed and ready-compiled objects may not behave themselves as well but they can be dealt with by an appropriate ACL if they are trusted on an individual basis.
I noticed a thread http://forums.grsecurity.net/viewtopic.php?p=5650& and that shows what could be done if a user can compile. Obviously I would want to avoid such disasters. The thread also gives some ideas about restricting use but as PaX quotes Andrew Morton at the end, there are many ways to cripple a linux box.
But not being able to compile your own programs for a serious user is pretty restrictive too.
Maybe we have to wait for Xen to be fully integrated into the 2.6 kernel and give everyone a sandbox.
I want to enable some trusted users to be able to run their own compiled objects, the names of which will not generally be known.
Obviously this can lead to some trouble and ideally I don't want to do this by including the user in the TPE group as that would enable them to run rather more.
Is there an alternative? I haven't upgraded grsec for some time so perhaps this sort of thing is already included.
Installed and ready-compiled objects may not behave themselves as well but they can be dealt with by an appropriate ACL if they are trusted on an individual basis.
I noticed a thread http://forums.grsecurity.net/viewtopic.php?p=5650& and that shows what could be done if a user can compile. Obviously I would want to avoid such disasters. The thread also gives some ideas about restricting use but as PaX quotes Andrew Morton at the end, there are many ways to cripple a linux box.
But not being able to compile your own programs for a serious user is pretty restrictive too.
Maybe we have to wait for Xen to be fully integrated into the 2.6 kernel and give everyone a sandbox.