From 788cf51a9546dd1daddf9f550af84c6bbecc94dc Mon Sep 17 00:00:00 2001 From: Thomas Schwinge Date: Thu, 5 Mar 2009 19:20:56 +0100 Subject: community/gsoc/project_ideas: Split into subpages. --- community/gsoc/project_ideas/secure_chroot.mdwn | 39 +++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 community/gsoc/project_ideas/secure_chroot.mdwn (limited to 'community/gsoc/project_ideas/secure_chroot.mdwn') diff --git a/community/gsoc/project_ideas/secure_chroot.mdwn b/community/gsoc/project_ideas/secure_chroot.mdwn new file mode 100644 index 00000000..a47bd5db --- /dev/null +++ b/community/gsoc/project_ideas/secure_chroot.mdwn 
@@ -0,0 +1,39 @@ +[[meta copyright="Copyright © 2008, 2009 Free Software Foundation, Inc."]] + +[[meta license="""[[toggle id="license" text="GFDL 1.2+"]][[toggleable +id="license" text="Permission is granted to copy, distribute and/or modify this +document under the terms of the GNU Free Documentation License, Version 1.2 or +any later version published by the Free Software Foundation; with no Invariant +Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license +is included in the section entitled +[[GNU_Free_Documentation_License|/fdl]]."]]"""]] + +[[meta title="Secure chroot Implementation"]] + +As the Hurd attempts to be (almost) fully [[UNIX]]-compatible, it also implements a +`chroot()` system call. However, the current implementation is not really +good, as it allows easily escaping the `chroot`, for example by use of +[[passive_translators|hurd/translator]]. + +Many solutions have been suggested for this problem -- ranging from simple +workaround changing the behaviour of passive translators in a `chroot`; +changing the context in which passive translators are exectuted; changing the +interpretation of filenames in a chroot; to reworking the whole passive +translator mechanism. Some involving a completely different approch to +`chroot` implementation, using a proxy instead of a special system call in the +filesystem servers. + +The task is to pick and implement one approach for fixing chroot. + +This task is pretty heavy: it requires a very good understanding of file name +lookup and the translator mechanism, as well as of security concerns in general +-- the student must prove that he really understands security implications of +the UNIX namespace approach, and how they are affected by the introduction of +new mechanisms. (Translators.) More important than the acualy code is the +documentation of what he did: he must be able to defend why he chose a certain +approach, and explain why he believes this approach really secure. 
+ +Possible mentors: ? + +Exercise: Make some modification to the chroot mechanism. (More specific +suggestions welcome :-) ) -- cgit v1.2.3
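Review bot: The second and third paragraphs of the new secure_chroot.mdwn name the escape only in passing ("for example by use of passive translators") and list the candidate fixes without references. The student is therefore told to "pick and implement one approach" with no statement of what property a fixed `chroot` must guarantee and no pointer to where each proposal was discussed. Suggest linking each listed approach, or describing it in a sentence, and stating the criterion against which "explain why he believes this approach really secure" will be judged. Smaller points in the same hunk: the typos "exectuted", "approch" and "acualy"; the sentence fragment beginning "Some involving a completely different"; "Possible mentors: ?" left unresolved; and the Exercise line, which asks for "some modification" without naming a concrete one.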