Secure Coding mailing list archives

Re: Opinion re an interesting article on Linux security in Linux Journal

From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Wed, 10 Mar 2004 22:13:14 +0000

To secure a machine from malware introduced by a naive user it is
required that naive users not have the privilege to introduce
software that can be executed by them or by other naive users.


I would disagree.  There's nothing wrong with allowing naÃ¯ve users to
introduce software they or others can execute - provided its execution
is appropriately sandboxed.

Trouble is, _that_ is hard.  Java in web-browsers tried it, and gave us
bugs in the jvm sandbox.  Also, what the sandboxes should permit the
sandboxed software to do varies from site to site, and in some cases
from machine to machine, and some of those sites don't have anyone
competent to figure out what the restrictions should be for them, much
less correctly configure the sandbox to implement them.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Current thread:

Opinion re an interesting article on Linux security in Linux Journal Kenneth R. van Wyk (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 09)
  - Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
    - RE: Opinion re an interesting article on Linux security in Linux Journal Alun Jones (Mar 10)
    - Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 10)
- RE: Opinion re an interesting article on Linux security in Linux Journal Michael S Hines (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Ryan Russell (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal ljknews (Mar 10)
  - Re: Opinion re an interesting article on Linux security in Linux Journal der Mouse (Mar 10)
- <Possible follow-ups>
- Re: Opinion re an interesting article on Linux security in Linux Journal Bill Cheswick (Mar 10)
  - Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
    - Re: Application Sandboxing, communication limiting, etc. ljknews (Mar 10)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jose Nazario (Mar 10)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 13)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 14)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 16)
    - Re: Comparison of SubDomain, SELinux and systrace Jared W. Robinson (Mar 16)

(Thread continues...)