Disallowing the dynamic loading of agents by default (revised)
Andrew Dinn
adinn at redhat.com
Thu Apr 6 13:05:01 UTC 2017
On 06/04/17 13:56, David M. Lloyd wrote:
> On 04/06/2017 02:56 AM, Alan Bateman wrote:
>> On 05/04/2017 17:55, David M. Lloyd wrote:
>>
>>>
>>> This is just plain weird from a security perspective, to say that
>>> unrelated processes have more privilege to control the current process
>>> than processes that are closely related.
>>>
>>> Anyway this is yet another case where arbitrary artificial hurdles are
>>> put in place for the purpose of human behavior modification. Such
>>> hurdles can always be bypassed, generally resulting in even uglier
>>> situations than the one you're trying to avoid. In this case I can
>>> just fire a child process and then attach to it from the parent. Or
>>> fire off two sibling processes and have one attach to the other.
>>> Nothing is being saved here.
>> This thread/proposal is concerned with libraries using APIs intended for
>> tools to do brain surgery in the current VM.
>
> I know, I'm giving examples of how such a library could circumvent this
> restriction. Another example is to start a child process and a
> grandchild process, and then have the child process exit.
>
> Adding technical hurdles to send a social message is frankly pretty
> lousy engineering. It never fails to backfire.
This proposal comes with an even simpler way to 'circumvent this
restriction', i.e. set the requisite property on the command line.
I think the point is not really to stop rogue code from hoisting an
agent by such indirect means (Mark Reinhold agreed that if such rogue
code is in the runtime you have already handed over the keys to the
castle). It is to make normal code explicitly acknowledge what it is
doing (more precisely, to make those deploying the code be more explicit
about their intention to do so).
That's not such a terrible thing to transition to in the longer term,
assuming we are given time to manage the transition.
regards,
Andrew Dinn
-----------
Senior Principal Software Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill, Eric Shander