On Tue, 14 Oct 2003 04:28:38 +0300, Timo Sirainen said: > I'd want a system where I can run any software I want and reasonably > expect that it can't do any harm besides consuming CPU and memory. Also "any software I want" and "reasonably expect" are probably hard to achieve at the same time. You get to either sandbox, or use things like SELinux and chroot/jail to restrict them, or solve the Turing Halting Problem (as doing a perfect job of detecting malware is an equivalent problem). > classifying software simply to "trusted" and "untrusted" isn't enough. I > don't want my "trusted" web browser accessing files in my home directory > (due to security holes in it) unless I specifically tell it to upload or > download them. About the only way to do this is to use an OpenSSH-style privsep, where the main browser runs in ONE compartment, and file up/downloads are handled via a temp directory/whatever and a separate entity that copies the stuff from temp to home. And even then you can't do a good job of keeping the main browser from lying to the helper if the main browser is subverted....
Attachment:
pgp00064.pgp
Description: PGP signature