[Cryptography] Are dynamic libs compatible with security? was: Apple and OpenSSL
Bear
bear at sonic.net
Sun Apr 20 12:53:44 EDT 2014
On Sun, 2014-04-20 at 11:45 -0400, Bill Cox wrote:

> The right way to do applications is much like this, where we also run
> each application in its own security jail.

Agreed, and possibly in an even more radical form than you were
considering. I'm more and more sold on the idea that ABIs are a
bad idea. This is kind of a radical notion, and would not be as
performant, but hardware is faster now and, especially for the
desktop, we still have security needs our current methodology
doesn't address and underutilized hardware capabilities we can
devote to them. This wouldn't work for compute-bound or I/O bound
servers, but on the desktop the current hardware represents an
embarrassment of riches for doing things better than we have.

Consider as an alternative a system in which pretty much everything
is a discrete application with no shared address space, and if
something needs a service provided by other code it needs to ask
for it via the sockets layer - which is locked down hard and possibly
encrypted, does its own bounds checking, etc. Depending on the
service and the timeframe, that request is either a request to a
running daemon that handles it just like it handles any other
request, or a request to the kernel to start an instance of a
process just to serve the current program's needs.

Procedure calls are just too unchecked and mapping things into
the same address space where machine code can read data you
wanted private is not something we have to do. So why are we
doing it?

> In addition, to save on space, identical binaries should only exist on
> disk once. This can be done trivially with hard links.

It can also be done trivially with separate processes. But let's
face it; an entry level machine these days has a terabyte drive,
and development boxes are a dozen terabytes. Saving space is no
longer as important as design simplicity, because design simplicity
has gotten cheaper with current hardware. And the most complex
machines - where security issues hurt the most - are desktops,
which have underutilized hardware capabilities.

Bear
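The design Bear sketches above (a service living in its own process with no shared address space, reached over a socket layer that does its own bounds checking, started per request by the caller) can be shown in a few dozen lines. The following is an added illustration written for this archive page, not code from the thread or from any project the thread mentions. It assumes a POSIX host with `os.fork` and `socket.socketpair`, and uses a constructed stand-in key (`SERVICE_KEY`) and a hypothetical `load_service_key` in place of the key file a real service would read after forking. The service computes an HMAC over the request so the caller gets a result without ever holding the key in its own address space; the framing layer rejects any advertised length over `MAX_FRAME` before reading or allocating a body.

```python
import hashlib
import hmac
import os
import socket
import struct

# Constructed stand-in key. A real service would read its key from a file only
# its own user can open, after the fork, so the client process never holds it.
SERVICE_KEY = b"constructed-example-key-not-for-real-use"

MAX_FRAME = 4096            # hard bound on any message, checked before reading a body
HDR = struct.Struct("!I")   # 4-byte big-endian length prefix


def send_frame(sock: socket.socket, payload: bytes) -> None:
    """Length-prefixed framing; refuses to emit anything over MAX_FRAME."""
    if len(payload) > MAX_FRAME:
        raise ValueError(f"payload of {len(payload)} bytes exceeds MAX_FRAME")
    sock.sendall(HDR.pack(len(payload)) + payload)


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes, or raise EOFError if the peer goes away."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed the socket")
        buf += chunk
    return bytes(buf)


def recv_frame(sock: socket.socket) -> bytes:
    """Bounds-check the advertised length BEFORE allocating or reading the body."""
    (n,) = HDR.unpack(recv_exact(sock, HDR.size))
    if n > MAX_FRAME:
        raise ValueError(f"advertised length {n} exceeds MAX_FRAME")
    return recv_exact(sock, n)


def load_service_key() -> bytes:
    # Hypothetical: stands in for reading a key file the client cannot open.
    return SERVICE_KEY


def serve_one(sock: socket.socket) -> None:
    """Service side: answer exactly one request. Runs only in the child process."""
    key = load_service_key()
    try:
        req = recv_frame(sock)
    except (ValueError, EOFError) as exc:
        try:
            send_frame(sock, b"ERR " + str(exc).encode())
        except OSError:
            pass                      # peer already gone; nothing to report to
        return
    send_frame(sock, b"OK " + hmac.new(key, req, hashlib.sha256).digest())


def spawn_service():
    """Start a fresh service process for this one request (the per-request
    instance the post describes); return (pid, client end of the socket)."""
    client_end, service_end = socket.socketpair()
    pid = os.fork()
    if pid == 0:                      # child: become the service and never return
        client_end.close()
        try:
            serve_one(service_end)
        finally:
            service_end.close()
            os._exit(0)
    service_end.close()               # parent keeps only its own end
    return pid, client_end


def request_tag(message: bytes) -> bytes:
    """Client side: ask the isolated service to authenticate `message`."""
    pid, sock = spawn_service()
    try:
        send_frame(sock, message)
        return recv_frame(sock)
    finally:
        sock.close()
        os.waitpid(pid, 0)


def reference_tag(message: bytes) -> bytes:
    """In-process reference, used only to check the service's answer."""
    return hmac.new(SERVICE_KEY, message, hashlib.sha256).digest()


def service_rejects_forged_length() -> bytes:
    """A header claiming a huge body must be refused by the service before it
    tries to read or allocate anything of that size."""
    pid, sock = spawn_service()
    try:
        sock.sendall(HDR.pack(2**31))
        return recv_frame(sock)
    finally:
        sock.close()
        os.waitpid(pid, 0)


if __name__ == "__main__":
    print(request_tag(b"example request"))
    print(service_rejects_forged_length())
```

The client-side check in `send_frame` and the service-side check in `recv_frame` are deliberately the same bound applied on both ends: each process trusts only what it verifies itself, which is the point of moving the interface from a procedure call to a message. The per-request fork is the "ask the kernel to start an instance" variant; a long-running daemon would loop over `serve_one` on an accepted connection instead.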