| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: and-bugtraq at doxdesk.com (Andrew Clover) Subject: Friendly and secure desktop operating system Timo Sirainen <tss@....fi> wrote: > You're thinking about how to do it currently in UNIX world. I'm thinking > about adding new concepts in kernel level. systrace would be much more > closer to it than chroot jails. Indeed, I've been thinking a lot about how to create the sort of desktop environment you describe, and I don't think it's 'properly' doable within the current Unix-style or Windows operating environments. It would require a pervasive system of fine-grained capabilities, from base OS level right up to user desktop services. Programs would have to get used to pre-requesting each service they require, and cope with being refused (either on policy grounds, or user choice, or the user themselves not having the required rights). There are also user interface concerns (ie. how to prevent an application 'faking' the system security interface). An attempt starting along these lines can be seen in Tiny Personal Firewall. Its interface isn't too great, it's not complete, and of course on a Windows platform there is nothing stopping a malicious process from subverting the protection, but it's an interesting glimpse at the sort of thing we might need. -- Andrew Clover mailto:and@...desk.com http://www.doxdesk.com/
Powered by blists - more mailing lists