lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: tss at iki.fi (Timo Sirainen)
Subject: Friendly and secure desktop operating system

On Tue, 2003-10-14 at 03:27, Valdis.Kletnieks@...edu wrote:
> On Tue, 14 Oct 2003 02:00:39 +0300, Timo Sirainen <tss@....fi>  said:
> 
> > http://iki.fi/tss/security/friendly-secure-os.html
> > 
> > I'd like to hear comments about it. I hope it's easily enough
> > understandable, it's really just intended to give some larger ideas and
> > let you figure out the details.
> 
> *sniff* *sniff*.. Do I smell the presence of Java here? ;)
> 
> (You've basically described the Java sandbox...)

Well, yes. The sandbox part is very much like with Java, except it would
be enforced by operating system rather than JVM.

But the sandboxing itself wasn't the only point - sandboxing isn't
useful if most software requires access outside the safe sandbox. You
really want to have a system where you don't get constantly questions if
something is allowed or not, but you still should be able to run pretty
much any kind of software you run into.

> Have you taken a look at Sun's recent Java-based desktop?  Is that
> what you're thinking of?
> 
> http://wwws.sun.com/software/learnabout/desktopsystem/index.html

That doesn't seem to be Java-only desktop. For example it includes Star
Office. Security holes in Star Office would still allow full access to
user's files.

I'd want a system where I can run any software I want and reasonably
expect that it can't do any harm besides consuming CPU and memory. Also
classifying software simply to "trusted" and "untrusted" isn't enough. I
don't want my "trusted" web browser accessing files in my home directory
(due to security holes in it) unless I specifically tell it to upload or
download them.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ