From: Patrick Proniewski <patpro@patpro.net>
To: Liste FreeBSD-security <freebsd-security@freebsd.org>
Subject: Re: A new kind of security needed
Date: Thu, 17 Jul 2008 08:59:00 +0200
Message-Id: <884CB541-7977-4EF1-9B72-7226BDF30188@patpro.net>
List-Id: "Security issues [members-only posting]"

On 17 Jul 2008, at 08:24, Jason Stone wrote:

>> Is anyone else nervous trusting all his programs to have access to
>> all his files? Is there already a reasonable solution to this
>> problem?
>>
>> It makes me nervous for, say, Firefox and its plugins to be able to
>> read and write every file I own, whether it's gnucash, ~/.ssh, or
>> other sensitive files.
>
> Absolutely. Right now, I use different logins for different things
> (casual web surfing, financial stuff, and work), but it's
> inconvenient and far from foolproof.
>
> Capabilities or MAC systems could be used here -- someone just has
> to put in the work to make it happen.

What about sandbox/chroot? Apple has designed such a system for Mac OS X 10.5, and even if it's not fully functional now, it's probably interesting.

patpro
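As an added illustration of the Mac OS X 10.5 mechanism Patrick points to (this is an example written for this page, not code from the thread or from Apple): a profile for sandbox-exec(1) that lets Firefox run as usual but denies it the files the original poster was worried about. The profile language is Apple's Scheme-like sandbox profile syntax; the home directory /Users/alice, the protected paths and the Firefox binary location are assumptions made for the example.

```scheme
;; firefox.sb -- constructed example profile, not part of the original thread.
;; Launch the browser under it with:
;;   sandbox-exec -f firefox.sb /Applications/Firefox.app/Contents/MacOS/firefox
;; Paths are absolute because the profile language does not expand "~".
(version 1)

;; Permissive baseline: everything not denied below stays allowed, so the
;; browser and its plugins keep working without enumerating every file,
;; socket and Mach service they touch. A deny-default profile is the
;; stronger design, but it needs that full enumeration.
(allow default)

;; Credentials and financial data: no reads, no writes, no renames.
;; A rule may name several operations followed by several path filters.
(deny file-read* file-write*
      (subpath "/Users/alice/.ssh")
      (subpath "/Users/alice/.gnupg")
      (subpath "/Users/alice/.gnucash")
      (subpath "/Users/alice/Documents/finance"))

;; Shell start-up files: a write here would turn a browser compromise
;; into code execution at the user's next login.
(deny file-write*
      (literal "/Users/alice/.profile")
      (literal "/Users/alice/.bashrc"))

;; The profile itself: if the sandboxed process could edit it, the next
;; launch would run with whatever restrictions the attacker left in place.
(deny file-write*
      (literal "/Users/alice/firefox.sb"))
```

To check the profile, open file:///Users/alice/.ssh/id_rsa in the sandboxed browser and confirm the read fails, then try the same file from an unsandboxed shell to confirm the denial comes from the sandbox and not from permissions. Because this profile allows by default, it blocks only what was remembered when writing it; any sensitive directory not listed is still readable, which is the trade-off against the deny-default approach.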