Secure Coding mailing list archives

Re: Re: Application Sandboxing, communication limiting, etc.

From: Jose Nazario <jose () monkey org>
Date: Wed, 10 Mar 2004 23:17:53 +0000

SELinux. LIDS. systrace (Linux, BSD, MacOS X). a few things on FreeBSD i
can't recall.

i dont know what exists for the average user on Windows at the application
level, but i do know that personal firewalls can help. untrusted programs
can't access the network, either as a server or as a client. i know a few
products exist for servers, typically restricted to server programs (ie
IIS).

so, some work is being done on that front, not enough yet. bear in mind
that, just like with comcast's behavior restriction system making the FD
news lately, power users of systems will complain and be annoyed when they
find their access suddenly fettered.

___
jose nazario, ph.d.                     [EMAIL PROTECTED]
                                        http://monkey.org/~jose/
                                        http://infosecdaily.net/

Current thread:

Re: Opinion re an interesting article on Linux security in Linux Journal, (continued)
- - Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
    - RE: Opinion re an interesting article on Linux security in Linux Journal Alun Jones (Mar 10)
    - Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 10)
- RE: Opinion re an interesting article on Linux security in Linux Journal Michael S Hines (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Ryan Russell (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal ljknews (Mar 10)
  - Re: Opinion re an interesting article on Linux security in Linux Journal der Mouse (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Bill Cheswick (Mar 10)
  - Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
    - Re: Application Sandboxing, communication limiting, etc. ljknews (Mar 10)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jose Nazario (Mar 10)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 13)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 14)
    - Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
    - Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 16)
    - Re: Comparison of SubDomain, SELinux and systrace Jared W. Robinson (Mar 16)
  - Re: Opinion re an interesting article on Linux security in Linux Journal Martin Stricker (Mar 11)