Re: Sandboxing

On 09/11/06, Luke Crawford <lsc@xxxxxxxxx> wrote:
jail is the best sandbox FreeBSD has; if that's to heavy, simply run it
setuid to another user that doesn't have permission to anything- it's not
as good of a sandbox, but it's lightweight.


Of course there is another problem with this approach: a different UID isn't
allowed to connect to :0.0 on the X server under the FreeBSD default
security settings for X.

MC
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • .NET security allowing fulltrust but shouldnt ?!?
    ... I'm trying to set up a SANDBOX-directory to test security issues. ... Therefor I created a Permission Set with low permissions, ... I created a Code Group (Code Groups\All_Code\.NET Sandbox) with an URL ... But when executing my test executable, it runs just fine, without ...
    (microsoft.public.dotnet.security)
  • [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE
    ... complex software like a browser inside a sandbox that restricted its ability ... UnamanagedCode, MemberAccess Reflection or SkipVerification Permission, ... developer, your application crashed because it didn't have the required ... it is the user's responsibility (i.e. its IT Security and Server ...
    (Full-Disclosure)
  • Re: Sandboxing Winforms code
    ... How does IE sandbox the assembly then? ... >> it also runs under same Internet permission set? ... >> But it doesn't say what permission it wants. ... >> if I specify FullTrust. ...
    (microsoft.public.dotnet.security)
  • setuid (SUID) question on RH9
    ... According to the RH System Administration guide, section 6.3.1, setuid ... bit on a script should work as follows: ... setuid — used only for applications, this permission indicates that the ... executing the application. ...
    (linux.redhat)