Init Config Security

List overview All Threads
Download

newer

older

Binary Compatibility

CPU frequency on i.MX53 QSB?

Nobody III

5 Nov 2014 5 Nov '14

5:13 a.m.

It seems that with the init config files generated by the run scripts, if any server/driver is compromised, it can take over the system, by requesting access to important services, such as those in the <parent-provides> section. It seems that to make init's config secure, one would have to explicitly name every service needed by a server and deny access to all others. Am I correct? If not, please enlighten me.

Attachments:

attachment.html (text/html — 449 bytes)

Show replies by date

Norman Feske

6 Nov 6 Nov

8:02 a.m.

Hello Ben,

...

It seems that with the init config files generated by the run scripts, if any server/driver is compromised, it can take over the system, by requesting access to important services, such as those in the <parent-provides> section. It seems that to make init's config secure, one would have to explicitly name every service needed by a server and deny access to all others. Am I correct? If not, please enlighten me.

you are correct. During development, the use of wildcards is handy. But for deployment, explicit routes are the way to go. See the corresponding section "Using the configuration concept" in the documentation of the init process:

http://genode.org/documentation/developer-resources/init#Using_the_configura...

Cheers Norman

-- Dr.-Ing. Norman Feske Genode Labs http://www.genode-labs.com · http://genode.org Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

Nobody III

2:44 p.m.

Thanks. It would be good to put a list of required services in the readme for each program. On Nov 6, 2014 1:00 AM, "Norman Feske" <norman.feske@...1...> wrote:

...

Hello Ben,

...
It seems that with the init config files generated by the run scripts, if any server/driver is compromised, it can take over the system, by requesting access to important services, such as those in the <parent-provides> section. It seems that to make init's config secure, one would have to explicitly name every service needed by a server and deny access to all others. Am I correct? If not, please enlighten me.

you are correct. During development, the use of wildcards is handy. But for deployment, explicit routes are the way to go. See the corresponding section "Using the configuration concept" in the documentation of the init process:

http://genode.org/documentation/developer-resources/init#Using_the_configura...

Cheers Norman

-- Dr.-Ing. Norman Feske Genode Labs

http://www.genode-labs.com · http://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main

3664

Age (days ago)

3665

Last active (days ago)

users@lists.genode.org

2 comments

2 participants

tags (0)

participants (2)

Nobody III
Norman Feske