summaryrefslogtreecommitdiff
path: root/community/gsoc/project_ideas/secure_chroot.mdwn
diff options
context:
space:
mode:
Diffstat (limited to 'community/gsoc/project_ideas/secure_chroot.mdwn')
-rw-r--r--community/gsoc/project_ideas/secure_chroot.mdwn39
1 files changed, 39 insertions, 0 deletions
diff --git a/community/gsoc/project_ideas/secure_chroot.mdwn b/community/gsoc/project_ideas/secure_chroot.mdwn
new file mode 100644
index 00000000..a47bd5db
--- /dev/null
+++ b/community/gsoc/project_ideas/secure_chroot.mdwn
@@ -0,0 +1,39 @@
+[[meta copyright="Copyright © 2008, 2009 Free Software Foundation, Inc."]]
+
+[[meta license="""[[toggle id="license" text="GFDL 1.2+"]][[toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
+is included in the section entitled
+[[GNU_Free_Documentation_License|/fdl]]."]]"""]]
+
+[[meta title="Secure chroot Implementation"]]
+
+As the Hurd attempts to be (almost) fully [[UNIX]]-compatible, it also implements a
+`chroot()` system call. However, the current implementation is not really
+good, as it allows easily escaping the `chroot`, for example by use of
+[[passive_translators|hurd/translator]].
+
+Many solutions have been suggested for this problem -- ranging from simple
+workaround changing the behaviour of passive translators in a `chroot`;
+changing the context in which passive translators are exectuted; changing the
+interpretation of filenames in a chroot; to reworking the whole passive
+translator mechanism. Some involving a completely different approch to
+`chroot` implementation, using a proxy instead of a special system call in the
+filesystem servers.
+
+The task is to pick and implement one approach for fixing chroot.
+
+This task is pretty heavy: it requires a very good understanding of file name
+lookup and the translator mechanism, as well as of security concerns in general
+-- the student must prove that he really understands security implications of
+the UNIX namespace approach, and how they are affected by the introduction of
+new mechanisms. (Translators.) More important than the acualy code is the
+documentation of what he did: he must be able to defend why he chose a certain
+approach, and explain why he believes this approach really secure.
+
+Possible mentors: ?
+
+Exercise: Make some modification to the chroot mechanism. (More specific
+suggestions welcome :-) )
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 04:02:53 +0000