From owner-freebsd-hackers  Sat Jun  1 16:35:55 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22])
	by hub.freebsd.org (Postfix) with ESMTP id 126CA37B404
	for <freebsd-hackers@freebsd.org>; Sat,  1 Jun 2002 16:35:52 -0700 (PDT)
Received: from pool0474.cvx22-bradley.dialup.earthlink.net ([209.179.199.219] helo=mindspring.com)
	by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 17EIPK-00026r-00; Sat, 01 Jun 2002 16:35:38 -0700
Message-ID: <3CF95A29.B4FE2078@mindspring.com>
Date: Sat, 01 Jun 2002 16:35:05 -0700
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Niels Provos <provos@citi.umich.edu>
Cc: karin@root66.org, freebsd-hackers@FreeBSD.ORG,
	bfischer@Techfak.Uni-Bielefeld.DE
Subject: Re: sandboxing untrusted binaries
References: <20020531105059.GA720_no-support.loc@ns.sol.net> <20020531165629.H86421_root66.org@ns.sol.net> <20020601232254.GE19245@citi.citi.umich.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Niels Provos wrote:
> > I suggest getting over the illusion hackers won't be able to hack the
> > system if you narrow them a bit, the binaries you run still need
> > capabilities to correctly function, which are always enough to hack the
> > system.
> This is not correct either.  There is no illusion here.  Please, give
> me an example where the capabilities needed "are always enough to hack
> the system."  Say gaim or opera.

Any application whose call subset is still von Neumann complete
is capable of being hacked to implement any program, if it is
capable of being hacked.

Sand-boxing strikes me as a way to close the the hen house with
the weasel inside: it doesn't do anything for the chickens.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message