From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
To: 9fans@cse.psu.edu
Subject: Re: [9fans] security
Date: Sat, 27 Oct 2007 16:40:57 -0700
From: Skip Tavakkolian <9nut@9netics.com>
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: dbe2a3cc-ead2-11e9-9d60-3106f5b1d025

>> How about forking off a server process that lets me execute arbitrary
>> commands as you?
>>
>> How about placing trojan processes in your person bin directory?
>>
>> How about subtly corrupting all of the writable data in your filesystem?
>>
>> How about setting up a spam bot on your machine? Using your machine as
>> part of a distributed denial-of-service attack against some other
>> networked machines?
>>
>> How about replacing your compiler with one that introduces errors
>> nondeterministically? Changing your acme to occasionally not save your
>> data?
>>
>> If you sit down and think of it for a little bit you'll notice this is
>> just the tip of the iceberg. There are lots of irritating things that can
>> happen even without setuid or a super user.

you are stating truisms. you might as well add "how about poisoning
your friends that you invited for dinner." at that point you're
betraying an implicit trust.

if you don't trust your users, you can create a temporary namespace to
house a copy of system binaries and narrow the / for that user to
his/her ns.