Date: Fri, 31 May 2002 12:10:51 +0100
From: Colin Percival <colin.percival@wadham.ox.ac.uk>
To: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>, Frank van Vliet <karin@root66.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: sandboxing untrusted binaries
Message-ID: <5.0.2.1.1.20020531115739.029e9490@popserver.sfu.ca>
In-Reply-To: <20020531105059.GA720@no-support.loc>
References: <20020531040714.G86421@root66.org> <20020530025817.GA4390@no-support.loc> <20020531040714.G86421@root66.org>
At 12:50 31/05/2002 +0200, Bjoern Fischer wrote:
>systrace is not for sandboxing users but for sandboxing untrusted
>binaries. Such as netscape for example. Of course you never would
>run netscape as root. But you may even consider your "normal" user
>privileges as too powerful (reading PGP-Keys, tampering .rhosts or
>xauth, deleting your reports).

I think even more useful than sandboxing netscape would be sandboxing netscape (or other application) plugins. I'd certainly be much more willing to download and run the foo-reader plugin from 31337 enterprises if I knew that it would be unable to make any system calls beyond those necessary to interface with the owning application.

Colin Percival

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message