Full Disclosure mailing list archives
Re: Friendly and secure desktop operating system
From: Valdis.Kletnieks () vt edu
Date: Mon, 13 Oct 2003 22:41:09 -0400
On Tue, 14 Oct 2003 04:28:38 +0300, Timo Sirainen said:
I'd want a system where I can run any software I want and reasonably expect that it can't do any harm besides consuming CPU and memory. Also
"any software I want" and "reasonably expect" are probably hard to achieve at the same time. You get to either sandbox, or use things like SELinux and chroot/jail to restrict them, or solve the Turing Halting Problem (as doing a perfect job of detecting malware is an equivalent problem).
classifying software simply to "trusted" and "untrusted" isn't enough. I don't want my "trusted" web browser accessing files in my home directory (due to security holes in it) unless I specifically tell it to upload or download them.
About the only way to do this is to use an OpenSSH-style privsep, where the main browser runs in ONE compartment, and file up/downloads are handled via a temp directory/whatever and a separate entity that copies the stuff from temp to home. And even then you can't do a good job of keeping the main browser from lying to the helper if the main browser is subverted....
Attachment:
_bin
Description:
Current thread:
- Friendly and secure desktop operating system Timo Sirainen (Oct 13)
- Re: Friendly and secure desktop operating system Valdis . Kletnieks (Oct 13)
- Re: Friendly and secure desktop operating system Timo Sirainen (Oct 13)
- Re: Friendly and secure desktop operating system Gary Flynn (Oct 13)
- Re: Friendly and secure desktop operating system Valdis . Kletnieks (Oct 13)
- Re: Friendly and secure desktop operating system Timo Sirainen (Oct 13)
- Re: Friendly and secure desktop operating system Andrew Clover (Oct 14)
- Re: Friendly and secure desktop operating system Timo Sirainen (Oct 13)
- Re: Friendly and secure desktop operating system Valdis . Kletnieks (Oct 13)
- Re: Friendly and secure desktop operating system David (Oct 13)
- Re: Friendly and secure desktop operating system Peter Busser (Oct 16)
- Re: Friendly and secure desktop operating system Ondrej Krajicek (Oct 16)
- Re: Friendly and secure desktop operating system Timo Sirainen (Oct 13)
- <Possible follow-ups>
- Re: Friendly and secure desktop operating system Franz von Sickingen (Oct 14)