Date: Thu, 17 Jul 2008 08:59:00 +0200 From: Patrick Proniewski <patpro@patpro.net> To: Liste FreeBSD-security <freebsd-security@freebsd.org> Subject: Re: A new kind of security needed Message-ID: <884CB541-7977-4EF1-9B72-7226BDF30188@patpro.net> In-Reply-To: <alpine.BSF.1.00.0807162303490.34772@treehorn.dfmm.org> References: <f383264b0807161710m285ed915m8ea9d088fbe83df9@mail.gmail.com> <alpine.BSF.1.00.0807162303490.34772@treehorn.dfmm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 17 juil. 08, at 08:24, Jason Stone wrote: >> Is anyone else nervous trusting all his programs to have access to >> all his files? Is there already a reasonable solution to this >> problem? >> >> It makes me nervous for, say, Firefox and its plugins to be able to >> read and write every file I own, whether it's gnucash, ~/.ssh, or >> other sensitive files. > > Absolutely. Right now, I use different logins for different things > (casual web surfing, financial stuff, snd work), but it's > inconvenient and far from fullproof. > > Capabilities or MAC systems could be used here -- someone just has > to put in the work to make it happen. What about sandbox/chroot ? Apple has designed such a system for Mac OS X 10.5, and even if it's not fully functional now, it's probably interesting. <http://developer.apple.com/documentation/Darwin/Reference/ManPages/man7/sandbox.7.html > patpro
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?884CB541-7977-4EF1-9B72-7226BDF30188>