[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200310140241.h9E2fAD5006778@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Friendly and secure desktop operating system
On Tue, 14 Oct 2003 04:28:38 +0300, Timo Sirainen said:
> I'd want a system where I can run any software I want and reasonably
> expect that it can't do any harm besides consuming CPU and memory. Also
"any software I want" and "reasonably expect" are probably hard to achieve at
the same time. You get to either sandbox, or use things like SELinux and chroot/jail
to restrict them, or solve the Turing Halting Problem (as doing a perfect job of detecting
malware is an equivalent problem).
> classifying software simply to "trusted" and "untrusted" isn't enough. I
> don't want my "trusted" web browser accessing files in my home directory
> (due to security holes in it) unless I specifically tell it to upload or
> download them.
About the only way to do this is to use an OpenSSH-style privsep, where the main
browser runs in ONE compartment, and file up/downloads are handled via a temp
directory/whatever and a separate entity that copies the stuff from temp to home.
And even then you can't do a good job of keeping the main browser from lying to
the helper if the main browser is subverted....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031013/1ab7ddbf/attachment.bin
Powered by blists - more mailing lists