Re: Sandboxing



On 09/11/06, Luke Crawford <lsc@xxxxxxxxx> wrote:
jail is the best sandbox FreeBSD has; if that's to heavy, simply run it
setuid to another user that doesn't have permission to anything- it's not
as good of a sandbox, but it's lightweight.


Of course there is another problem with this approach: a different UID isn't
allowed to connect to :0.0 on the X server under the FreeBSD default
security settings for X.

MC
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • .NET security allowing fulltrust but shouldnt ?!?
    ... I'm trying to set up a SANDBOX-directory to test security issues. ... Therefor I created a Permission Set with low permissions, ... I created a Code Group (Code Groups\All_Code\.NET Sandbox) with an URL ... But when executing my test executable, it runs just fine, without ...
    (microsoft.public.dotnet.security)
  • Re: Writing jnlp program for both sandbox and all-permissions
    ... If your only choices are sandbox and allpermissions, you can simply check whether you have permission to do any single thing that would be illegal in the sandbox ... You seem to be suggesting it is wise to plan for an intermediate level of permissions between just sandbox and allpermissions. ... Is he more likely to use your program if it says "this program needs permission to connect to the Internet, and read/write to one particular file" or if it says "this program needs permission to do anything it wants with your computer"? ...
    (comp.lang.java.programmer)
  • [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE
    ... complex software like a browser inside a sandbox that restricted its ability ... UnamanagedCode, MemberAccess Reflection or SkipVerification Permission, ... developer, your application crashed because it didn't have the required ... it is the user's responsibility (i.e. its IT Security and Server ...
    (Full-Disclosure)
  • Re: Sandboxing Winforms code
    ... How does IE sandbox the assembly then? ... >> it also runs under same Internet permission set? ... >> But it doesn't say what permission it wants. ... >> if I specify FullTrust. ...
    (microsoft.public.dotnet.security)
  • setuid (SUID) question on RH9
    ... According to the RH System Administration guide, section 6.3.1, setuid ... bit on a script should work as follows: ... setuid used only for applications, this permission indicates that the ... executing the application. ...
    (linux.redhat)