Re: Friendly and secure desktop operating system

[Valdis.Kletnieks () vt edu]

On Tue, 14 Oct 2003 04:28:38 +0300, Timo Sirainen said:

> I'd want a system where I can run any software I want and reasonably
> expect that it can't do any harm besides consuming CPU and memory. Also

"any software I want" and "reasonably expect" are probably hard to achieve at
the same time.  You get to either sandbox, or use things like SELinux and chroot/jail
to restrict them, or solve the Turing Halting Problem (as doing a perfect job of detecting
malware is an equivalent problem).

> classifying software simply to "trusted" and "untrusted" isn't enough. I
> don't want my "trusted" web browser accessing files in my home directory
> (due to security holes in it) unless I specifically tell it to upload or
> download them.

About the only way to do this is to use an OpenSSH-style privsep, where the main
browser runs in ONE compartment, and file up/downloads are handled via a temp
directory/whatever and a separate entity that copies the stuff from temp to home.
And even then you can't do a good job of keeping the main browser from lying to
the helper if the main browser is subverted....

Attachment: _bin
Description: