Posted Jan 14, 2010 12:40 UTC (Thu) by Trou.fr (subscriber, #26289)
Parent article: FBAC-LSM
I really think Linux should have a mainline sandbox that can be used easily by non-root users to confine untrusted or exposed applications easily.
Since now the main threat for a desktop system is the browser/mail client, it makes no sense to run it with the same privileges as the logged in user, where it can effectively access all the critical data.
Windows malware has been doing ransom blackmail: pay me to decrypt your important files I have found on your hard drive. Microsoft did make the good choice with the lower privilege mode introduced with IE7 in Vista.
Actually the Chromium sandbox seems great, I would need a standalone version, maybe Google could release it separately.