Date: Sun, 01 Oct 2000 11:32:26 +0200
From: Mark Murray <mark@grondar.za>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: Warner Losh <imp@village.org>, Jordan Hubbard <jkh@winston.osd.bsdi.com>, security@FreeBSD.ORG
Subject: Re: Security and FreeBSD, my overall perspective
Message-ID: <200010010932.e919WRl00389@grimreaper.grondar.za>
In-Reply-To: <Pine.NEB.3.96L.1000930190059.44353B-100000@fledge.watson.org> ; from Robert Watson <rwatson@FreeBSD.ORG> "Sat, 30 Sep 2000 19:05:51 -0400."
References: <Pine.NEB.3.96L.1000930190059.44353B-100000@fledge.watson.org>
> Exposure:
>
> Whether or not the application should, in normal use, be exposed to data
> of untrusted origin (e-mail, data files from untrusted users, socket
> connections in or out-bound, etc).
>
> - Intended to be run with exposure to untrusted environments
> - Not intended to run with exposure to untrusted environments

This is policy - we should not mess with that, I don't think. _Everything_
in Unix sees an untrusted environment is the assumption.

> Auditing:
>
> Whether or not the application has been audited by FreeBSD security
> developers, or other trusted parties.
>
> - Known decent
> - Unknown
> - Known bad

I'd make this:

- Known good
- Believed good
- Unknown
- Believed bad
- Known bad

> Privilege:
>
> What amount of privilege and access this code will be run as, determining
> the level of damage possible as a result of an exploit.
>
> - Run with elevated privilege
> - Run by normal users
> - Run sandboxed

Right. This takes over the "exposure" item above.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message