Date: Wed, 16 Jul 2008 19:36:03 -0700 From: Chris Palmer <chris@noncombatant.org> To: Matt Reimer <mattjreimer@gmail.com>, freebsd-security@freebsd.org Subject: Re: A new kind of security needed Message-ID: <487EB013.9090706@noncombatant.org> In-Reply-To: <f383264b0807161710m285ed915m8ea9d088fbe83df9@mail.gmail.com> References: <f383264b0807161710m285ed915m8ea9d088fbe83df9@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt Reimer wrote: > Is anyone else nervous trusting all his programs to have access to all > his files? Is there already a reasonable solution to this problem? http://www.cis.upenn.edu/~KeyKOS/Confinement.html http://cr.yp.to/qmail/qmailsec-20071101.pdf Also: CapDesk, Bitfrost, systrace, EROS/Coyotos In general, solutions have proven to be vaporware, very burdensome to use (systrace), or reduced in scope (Bernstein's single-source transforms). The success rate is not zero, though, and I too crave a solution...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?487EB013.9090706>