Re: A new kind of security needed


On Thu, 17 Jul 2008, Patrick Proniewski wrote:

Absolutely. Right now, I use different logins for different things (casual web surfing, financial stuff, snd work), but it's inconvenient and far from fullproof.

Capabilities or MAC systems could be used here -- someone just has to put in the work to make it happen.

What about sandbox/chroot ? Apple has designed such a system for Mac OS X 10.5, and even if it's not fully functional now, it's probably interesting.

<http://developer.apple.com/documentation/Darwin/Reference/ManPages/man7/sandbox.7.html>

And, interestingly, the Mac OS X Sandbox parts are based on the TrustedBSD MAC Framework that was first developed on FreeBSD and later port to Mac OS X. However, Sandbox is not open source, and does rely on the reliability of pathnames, which on UFS (and even HFS+) is a bit of a tricky issue.

FWIW, I have some work in progress on the capability front, but it's a highly complex issue that will take years to work through properly. Unfortunately, the real issue isn't so much the OS primitives as building up a non-trivial application base that uses them. Providing primitives to subdivie applications isn't easy, but once you've done that you still have to rewrite lots of applications to take advantage of it, and in a way that shows a lot more application programmer discipline. It's not clear to me that the pressure is there to make feature-driven application development for major desktop applications adopt techniques of this sort.

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: Security Weaknesses of OS X
    ... already implemented "capabilities" into their OS. ... Not Windows, not Solaris, not Linux, not Mac ... not knowing the details of these security ... virtually ending the discovery of security vulnerabilities ...
    (comp.sys.mac.system)
  • Re: + smack-version-11c-simplified-mandatory-access-control-kernel.patch
    ... Casey Schaufler wrote: ... sense to me - even if its not honored by all MAC LSMs. ... capabilities and MAC together, is that the granularity is lost on ...
    (Linux-Kernel)
  • Re: + smack-version-11c-simplified-mandatory-access-control-kernel.patch
    ... Casey Schaufler wrote: ... general for MAC. ... capabilities and MAC together, is that the granularity is lost on ... draft assumed a Bell & LaPadula sensitivity model, ...
    (Linux-Kernel)
  • Re: TextEdit argh
    ... It comes free on every Mac system. ... Apple's cmd-T Font utility and Text to Speech capabilities). ... alternative -- if only Apple would put a little more effort into making ... Response 2: It only lets you "cut free from Word entirely" if the ...
    (comp.sys.mac.apps)
  • Re: TextEdit argh
    ... and provides such important and widely needed functions on the Mac, ... It comes free on every Mac system. ... Apple's cmd-T Font utility and Text to Speech capabilities). ... Format editor, with a reasonable complete set of formatting and ...
    (comp.sys.mac.apps)