From: Colin Percival
To: Bjoern Fischer, Frank van Vliet
Cc: freebsd-hackers@freebsd.org
Date: Fri, 31 May 2002 12:10:51 +0100
Subject: Re: sandboxing untrusted binaries
Message-Id: <5.0.2.1.1.20020531115739.029e9490@popserver.sfu.ca>
In-Reply-To: <20020531105059.GA720@no-support.loc>
References: <20020531040714.G86421@root66.org> <20020530025817.GA4390@no-support.loc>

At 12:50 31/05/2002 +0200, Bjoern Fischer wrote:
> systrace is not for sandboxing users but for sandboxing untrusted
> binaries. Such as netscape for example. Of course you never would
> run netscape as root. But you may even consider your "normal" user
> privileges as too powerful (reading PGP keys, tampering .rhosts or
> xauth, deleting your reports).

I think even more useful than sandboxing netscape would be sandboxing netscape (or other application) plugins.

I'd certainly be much more willing to download and run the foo-reader plugin from 31337 enterprises if I knew that it would be unable to make any system calls beyond those necessary to interface with the owning application.

Colin Percival
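As an added illustration of the point both messages make (this is not part of the thread, nor an official systrace example), here is the shape of a systrace policy that confines a browser run under an ordinary user account to the files and sockets it needs, and explicitly refuses the operations the quoted message worries about. The binary path, the home directory /home/user and the library directories are assumed placeholders; the statement grammar (translated system-call names such as native-fsread and native-connect, filename/sockaddr predicates, permit/deny[errno] with optional log) follows the systrace(1) policy format.

```text
# Added example: systrace policy for a browser process (not from the original
# message). Paths below are placeholders; adjust to the real installation.
Policy: /usr/local/bin/netscape, Emulation: native
	# Memory management and status calls every dynamically linked program needs
	native-munmap: permit
	native-fstat: permit
	# Read-only access to the loader cache and shared libraries
	native-fsread: filename eq "/etc/ld.so.cache" then permit
	native-fsread: filename match "/usr/lib/*" then permit
	native-fsread: filename match "/usr/X11R6/lib/*" then permit
	native-fsread: filename match "/usr/local/lib/*" then permit
	# The user-level secrets the quoted message names: refuse and log the attempt
	native-fsread: filename match "/home/user/.pgp/*" then deny[eperm] log
	native-fswrite: filename eq "/home/user/.rhosts" then deny[eperm] log
	native-fswrite: filename eq "/home/user/.Xauthority" then deny[eperm] log
	native-fswrite: filename match "/home/user/reports/*" then deny[eperm] log
	# The browser's own profile directory is the only writable location
	native-fsread: filename match "/home/user/.netscape/*" then permit
	native-fswrite: filename match "/home/user/.netscape/*" then permit
	# Network: outbound HTTP and HTTPS only
	native-connect: sockaddr match "inet-*:80" then permit
	native-connect: sockaddr match "inet-*:443" then permit
	# A sandboxed browser (or plugin) has no business starting other programs
	native-execve: deny[eperm] log
```

In practice one starts from a baseline generated with `systrace -A` while exercising the program, then tightens it by hand as above; any system call that matches no statement is referred to the user interactively, or denied when systrace runs with `-a`. The deny[eperm] statements are the interesting part from a defender's view: they turn an attempt by a compromised browser or plugin to touch .rhosts or the PGP key ring into a logged, failed call rather than a silent success, which is exactly the kind of per-process least privilege the reply wishes for plugins.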