Secure Coding mailing list archives

Re: Re: Application Sandboxing, communication limiting, etc.

From: "Jared W. Robinson" <jwr () xmission com>
Date: Tue, 16 Mar 2004 20:33:21 +0000

This is exactly what Immunix SubDomain does: define the files and
network activities that each program may access. We use use regular
expressions to specify policy, so for instance, fingerd could be
permitted to read /home/*/.plan and not read anything else.


I'm glad to hear that SubDomain exists. Can you extend the idea for
individual Python/Perl scripts, or do you have to restrict all
Python/Perl scripts with one policy?

- Jared

Current thread:

Re: Opinion re an interesting article on Linux security in Linux Journal, (continued)
- Re: Opinion re an interesting article on Linux security in Linux Journal Ryan Russell (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal ljknews (Mar 10)
  - Re: Opinion re an interesting article on Linux security in Linux Journal der Mouse (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Bill Cheswick (Mar 10)
  - Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
    - Re: Application Sandboxing, communication limiting, etc. ljknews (Mar 10)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jose Nazario (Mar 10)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 13)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 14)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 16)
    - Re: Comparison of SubDomain, SELinux and systrace Jared W. Robinson (Mar 16)
  - Re: Opinion re an interesting article on Linux security in Linux Journal Martin Stricker (Mar 11)