Posted Jan 14, 2010 12:40 UTC (Thu) by Trou.fr (subscriber, #26289)
Parent article: FBAC-LSM
I really think Linux should have a mainline sandbox that can be used easily by non-root users to confine untrusted or exposed applications easily.
Since now the main threat for a desktop system is the browser/mail client, it makes no sense to run it with the same privileges as the logged-in user, where it can effectively access all the critical data.
Windows malware has been doing ransom blackmail: pay me to decrypt your important files I have found on your hard drive. Microsoft did make the good choice with the lower privilege mode introduced with IE7 in Vista.
Actually the Chromium sandbox seems great, I would need a standalone version, maybe Google could release it separately.
Posted Jan 14, 2010 17:01 UTC (Thu) by mstone (subscriber, #58824)
Trou.fr wrote:
I really think Linux should have a mainline sandbox that can be used easily by non-root users to confine untrusted or exposed applications easily.
You don't seem to be alone in this opinion: sandboxing.org catalogues the work of several tens of people who feel the same way and who are looking for ideas and help on making their work more accessible. Start some conversations with them!
FBAC-LSM
Posted Jan 15, 2010 16:00 UTC (Fri) by SEJeff (subscriber, #51588)
You need to look into lxc; it isn't technically a sandbox, but not far from it. It is closer to a Solaris zone than anything else.