Re: POSIX
From: Jonathan S. Shapiro
Subject: Re: POSIX
Date: Wed, 26 Oct 2005 09:59:47 -0400
On Wed, 2005-10-26 at 15:35 +0200, Alfred M. Szmidt wrote:
> If the sub-hurd is going to be the basic mechanism of security,
> then EVERY new execution of every application should be
> performed in a freshly instantiated sub-hurd.
>
> You are assuming that each and every application is hostile, that
> isn't the case. If you have something that can be considered hostile
> (say, something that needs root privs), you can run it in a separate
> environment. Enclosing each and every process into its own jail-like
> environment is beyond absurd.
Yes, I am definitely assuming this, because in my experience this is
actually true. Let's look at the three most common applications that
real users use:
Web browsers
Email readers
Word processors
Document browsers (e.g. acrobat, xpdf, ghostview)
Each of these runs code written by a very large number of untrusted
developers, and each downloads "plugins" (or equivalently: can spawn
local commands at the direction of documents) that I know nothing about.
The plugin code very often *is* hostile, and the programs that run them
very often contain security bugs.
So I would say that for the vast majority of program executions that I
do in a given day, yes, I would need a subhurd for every single one.
On the server side, things are even worse -- for those I need a new
sub-hurd for every page request that involves any sort of active
content.
shap