A new kind of security needed
Patrick Proniewski
patpro at patpro.net
Thu Jul 17 07:18:20 UTC 2008
On 17 juil. 08, at 08:24, Jason Stone wrote:
>> Is anyone else nervous trusting all his programs to have access to
>> all his files? Is there already a reasonable solution to this
>> problem?
>>
>> It makes me nervous for, say, Firefox and its plugins to be able to
>> read and write every file I own, whether it's gnucash, ~/.ssh, or
>> other sensitive files.
>
> Absolutely. Right now, I use different logins for different things
> (casual web surfing, financial stuff, snd work), but it's
> inconvenient and far from fullproof.
>
> Capabilities or MAC systems could be used here -- someone just has
> to put in the work to make it happen.
What about sandbox/chroot ?
Apple has designed such a system for Mac OS X 10.5, and even if it's
not fully functional now, it's probably interesting.
<http://developer.apple.com/documentation/Darwin/Reference/ManPages/man7/sandbox.7.html
>
patpro
More information about the freebsd-security
mailing list