Secure Coding mailing list archives
Re: Re: Application Sandboxing, communication limiting, etc.
From: "Jared W. Robinson" <jwr () xmission com>
Date: Tue, 16 Mar 2004 20:33:21 +0000
This is exactly what Immunix SubDomain does: define the files and network activities that each program may access. We use regular expressions to specify policy, so for instance, fingerd could be permitted to read /home/*/.plan and not read anything else.
I'm glad to hear that SubDomain exists. Can you extend the idea for individual Python/Perl scripts, or do you have to restrict all Python/Perl scripts with one policy? - Jared
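
An added example, not part of the original thread and not SubDomain's policy syntax or code: a default-deny check for the kind of per-program file rule described above, using the fingerd and /home/*/.plan case. The program path, the policy table, and the choice that `*` never crosses a `/` are assumptions of this example.

```python
import posixpath
import re

# Constructed policy table: program -> list of (path glob, allowed modes).
POLICY = {
    "/usr/sbin/fingerd": [("/home/*/.plan", "r")],
}


def glob_to_regex(glob):
    """Compile a path glob. Assumption: '*' and '?' stop at '/', '**' does not.

    Note that Python's fnmatch lets '*' match '/', which would also
    admit /home/alice/sub/.plan under the rule above.
    """
    parts, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            parts.append(".*")
            i += 2
        elif glob[i] == "*":
            parts.append("[^/]*")
            i += 1
        elif glob[i] == "?":
            parts.append("[^/]")
            i += 1
        else:
            parts.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(parts))


def is_allowed(program, path, mode, policy=POLICY):
    """Return True only if a rule for this program covers path and mode."""
    if not path.startswith("/"):
        return False  # relative paths are refused outright
    # Collapse "." and ".." before matching so traversal cannot slip past
    # the pattern. This is lexical only; symlinks are not resolved here.
    canonical = posixpath.normpath(path)
    for glob, modes in policy.get(program, []):
        if mode in modes and glob_to_regex(glob).fullmatch(canonical):
            return True
    return False  # default deny: unknown program, path or mode
```
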