Re: A new kind of security needed

On 17 juil. 08, at 08:24, Jason Stone wrote:

Is anyone else nervous trusting all his programs to have access to all his files? Is there already a reasonable solution to this problem?

It makes me nervous for, say, Firefox and its plugins to be able to read and write every file I own, whether it's gnucash, ~/.ssh, or other sensitive files.

Absolutely. Right now, I use different logins for different things (casual web surfing, financial stuff, snd work), but it's inconvenient and far from fullproof.

Capabilities or MAC systems could be used here -- someone just has to put in the work to make it happen.

What about sandbox/chroot ?
Apple has designed such a system for Mac OS X 10.5, and even if it's not fully functional now, it's probably interesting.

<http://developer.apple.com/documentation/Darwin/Reference/ManPages/man7/sandbox.7.html >

patpro
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"