Disallowing the dynamic loading of agents by default (revised)

David M. Lloyd david.lloyd at redhat.com
Thu Apr 6 12:56:33 UTC 2017


On 04/06/2017 02:56 AM, Alan Bateman wrote:
> On 05/04/2017 17:55, David M. Lloyd wrote:
>
>>
>> This is just plain weird from a security perspective, to say that
>> unrelated processes have more privilege to control the current process
>> than processes that are closely related.
>>
>> Anyway this is yet another case where arbitrary artificial hurdles are
>> put in place for the purpose of human behavior modification. Such
>> hurdles can always be bypassed, generally resulting in even uglier
>> situations than the one you're trying to avoid.  In this case I can
>> just fire a child process and then attach to it from the parent.  Or
>> fire off two sibling processes and have one attach to the other.
>> Nothing is being saved here.
> This thread/proposal is concerned with libraries using APIs intended for
> tools to do brain surgery in the current VM.

I know, I'm giving examples of how such a library could circumvent this 
restriction.  Another example is to start a child process and a 
grandchild process, and then have the child process exit.

Adding technical hurdles to send a social message is frankly pretty 
lousy engineering.  It never fails to backfire.

-- 
- DML

