Date: Sun, 1 Oct 2000 10:01:51 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: cjclark@alum.mit.edu, security@FreeBSD.ORG
Subject: Re: Multiple userids, one user
Message-ID: <Pine.NEB.3.96L.1001001095522.53359A-100000@fledge.watson.org>
In-Reply-To: <200010010526.BAA12242@khavrinen.lcs.mit.edu>

On Sun, 1 Oct 2000, Garrett Wollman wrote:

> <<On Sat, 30 Sep 2000 15:14:36 -0700, "Crist J . Clark" <cjclark@reflexnet.net> said:
>
> > Why not just run each program under a different user?
>
> To some extent I do this.  When I am forced to use a Web browser
> configured insecurely (which for some inexplicable reason always seems
> to involve managing my finances), I switch to another VT, log in as my
> alter ego, and do what I need to do.  Of course, not even my alter ego
> gives a valid e-mail address to the Web browser....

One of the problems with this technique is X Windows -- while FreeBSD will
provide effective partitioning of users for the purposes of integrity
(confidentiality is another question given our default permissions :-),
providing the application with unfettered access to your X display does a
lot to undo those benefits.

At one point, I was using Xnest as a target display for SSH sessions to
untrusted workstations.  While it was not designed for that (and probably
needs auditing), it's a step forwards.  Assigning an Xnest per virtual uid
would reflect the kernel-visible partitioning scheme.

There have been a number of attempts at CMW (Compartmental Mode
Workstations) X environments that prevent control/information leakage
between labeled processes, but those have some practicality limits (aside
from not being available freely :-).  I was also told at one point that
the new Broadway X Windows would have facilities for isolating and
limiting the scope of particular applications, with things like web
browsing, untrusted clients, etc, in mind.  Not sure if anything came of
that.

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services