Full Disclosure mailing list archives

Re: Friendly and secure desktop operating system


From: Timo Sirainen <tss () iki fi>
Date: Tue, 14 Oct 2003 04:28:38 +0300

On Tue, 2003-10-14 at 03:27, Valdis.Kletnieks () vt edu wrote:
> On Tue, 14 Oct 2003 02:00:39 +0300, Timo Sirainen <tss () iki fi>  said:
> 
> > http://iki.fi/tss/security/friendly-secure-os.html
> > 
> > I'd like to hear comments about it. I hope it's easy enough to
> > understand; it's really just intended to give some larger ideas and
> > let you figure out the details.
> 
> *sniff* *sniff*.. Do I smell the presence of Java here? ;)
> 
> (You've basically described the Java sandbox...)

Well, yes. The sandbox part is very much like with Java, except it would
be enforced by the operating system rather than the JVM.

But the sandboxing itself wasn't the only point - sandboxing isn't
useful if most software requires access outside the safe sandbox. You
really want to have a system where you don't constantly get questions
about whether something is allowed or not, but you should still be able
to run pretty much any kind of software you run into.

> Have you taken a look at Sun's recent Java-based desktop?  Is that
> what you're thinking of?
> 
> http://wwws.sun.com/software/learnabout/desktopsystem/index.html

That doesn't seem to be a Java-only desktop. For example, it includes Star
Office. Security holes in Star Office would still allow full access to the
user's files.

I'd want a system where I can run any software I want and reasonably
expect that it can't do any harm besides consuming CPU and memory. Also,
classifying software simply as "trusted" and "untrusted" isn't enough. I
don't want my "trusted" web browser accessing files in my home directory
(due to security holes in it) unless I specifically tell it to upload or
download them.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html