Disallowing the dynamic loading of agents by default (revised)

David M. Lloyd david.lloyd at redhat.com
Thu Apr 6 12:56:33 UTC 2017

On 04/06/2017 02:56 AM, Alan Bateman wrote:
> On 05/04/2017 17:55, David M. Lloyd wrote:
>> This is just plain weird from a security perspective, to say that
>> unrelated processes have more privilege to control the current process
>> than processes that are closely related.
>> Anyway this is yet another case where arbitrary artificial hurdles are
>> put in place for the purpose of human behavior modification. Such
>> hurdles can always be bypassed, generally resulting in even uglier
>> situations that the one you're trying to avoid.  In this case I can
>> just fire a child process and then attach to it from the parent.  Or
>> fire off two sibling processes and have one attach to the other.
>> Nothing is being saved here.
> This thread/proposal is concerned with libraries using APIs intended for
> tools to do brain surgery in the current VM.

I know, I'm giving examples of how such a library could circumvent this 
restriction.  Another example is to start a child process and a 
grandchild process, and then have the child process exit.

Adding technical hurdles to send a social message is frankly pretty 
lousy engineering.  It never fails to backfire.


More information about the jigsaw-dev mailing list