From: Chris Palmer
Date: Wed, 16 Jul 2008 19:36:03 -0700
To: Matt Reimer, freebsd-security@freebsd.org
Subject: Re: A new kind of security needed
Message-ID: <487EB013.9090706@noncombatant.org>

Matt Reimer wrote:
> Is anyone else nervous trusting all his programs to have access to all
> his files? Is there already a reasonable solution to this problem?

http://www.cis.upenn.edu/~KeyKOS/Confinement.html
http://cr.yp.to/qmail/qmailsec-20071101.pdf

Also: CapDesk, Bitfrost, systrace, EROS/Coyotos

In general, solutions have proven to be vaporware, very burdensome to use
(systrace), or reduced in scope (Bernstein's single-source transforms).
The success rate is not zero, though, and I too crave a solution...
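To make the systrace-style approach concrete (and to show why it is "burdensome to use"), here is an added toy model of a per-program confinement policy. It is not part of Chris Palmer's post and does not use systrace's real policy syntax: rules are constructed triples of (operation, path glob, allow/deny), first match wins, anything unmatched is denied, and paths are normalised so `..` traversal cannot slip past a rule. The mail-client policy, the user `alice` and the syscall trace are all constructed sample data.

```python
"""Toy model of a systrace-style per-program file-access policy.

Added example, not systrace itself: rules are (op, glob, allow) tuples,
evaluated first-match-wins with default deny. All data below is constructed.
"""
import fnmatch
import posixpath
from dataclasses import dataclass
from typing import Iterable, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    op: str        # "read" or "write" (hypothetical operation names)
    pattern: str   # glob over the normalised absolute path; '*' also spans '/'
    allow: bool


@dataclass(frozen=True)
class Decision:
    op: str
    path: str
    allowed: bool
    rule: Optional[Rule]   # None means no rule matched and default-deny applied


def normalise(path: str) -> str:
    """Collapse '.' and '..' so a rule on /home/alice/Mail/* cannot be
    bypassed with /home/alice/Mail/../.ssh/id_rsa."""
    return posixpath.normpath(path)


class Policy:
    def __init__(self, rules: Iterable[Rule]):
        self.rules: List[Rule] = list(rules)

    def decide(self, op: str, path: str) -> Decision:
        path = normalise(path)
        for rule in self.rules:
            if rule.op == op and fnmatch.fnmatchcase(path, rule.pattern):
                return Decision(op, path, rule.allow, rule)
        return Decision(op, path, False, None)   # default deny

    def evaluate(self, trace: Sequence[Tuple[str, str]]) -> List[Decision]:
        return [self.decide(op, path) for op, path in trace]

    def unused_rules(self, decisions: Sequence[Decision]) -> List[Rule]:
        """Rules never hit by the trace: policy maintenance burden in practice."""
        used = {d.rule for d in decisions if d.rule is not None}
        return [r for r in self.rules if r not in used]


# Constructed policy for a hypothetical mail client run by user "alice".
MAIL_CLIENT_POLICY = Policy([
    Rule("read", "/home/alice/.muttrc", True),
    Rule("read", "/home/alice/Mail/*", True),
    Rule("write", "/home/alice/Mail/*", True),
    Rule("read", "/etc/resolv.conf", True),
    Rule("write", "/tmp/mutt-*", True),
])

# Constructed trace of file accesses the program attempts.
SAMPLE_TRACE = [
    ("read", "/home/alice/.muttrc"),
    ("read", "/home/alice/Mail/inbox"),
    ("write", "/home/alice/Mail/sent"),
    ("read", "/home/alice/Mail/../.ssh/id_rsa"),   # traversal, normalised then denied
    ("write", "/etc/passwd"),                      # no rule, default deny
]


def denied_paths(policy: Policy, trace: Sequence[Tuple[str, str]]) -> List[str]:
    """Normalised paths the policy would refuse for this trace."""
    return [d.path for d in policy.evaluate(trace) if not d.allowed]


if __name__ == "__main__":
    decisions = MAIL_CLIENT_POLICY.evaluate(SAMPLE_TRACE)
    for d in decisions:
        print(f"{'ALLOW' if d.allowed else 'DENY '} {d.op:5} {d.path}")
    for r in MAIL_CLIENT_POLICY.unused_rules(decisions):
        print(f"unused rule: {r.op} {r.pattern}")
```

Running it shows the two accesses a confined mail client has no business making being refused, plus the two rules the trace never exercised; every new file the program legitimately touches needs yet another rule, which is exactly the maintenance cost the post refers to.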