| |||||||||||||
SanboxingSanboxingPosted Feb 2, 2010 0:35 UTC (Tue) by jamesmrh (guest, #31622)In reply to: Sanboxing by cmccabe Parent article: Security in the 20-teens It's a Fedora 12 feature. I think it'd be useful to transparently sandbox some applications, and then perhaps break the sandbox if the user initiates an action which requires access outside. e.g. all pdf viewing is sandboxed by default, but if the user wants to save the file, the sandbox is disabled for that access (need to ensure that the user clicked save w/ trusted path). Complex apps like firefox are more difficult, but not impossible. One of the points that was advanced in favor of seccomp was that there's no "off switch" like there is for seLinux Disabling SELinux can be prevented (modulo kernel bugs).
(Log in to post comments)
Sanboxing Posted Feb 2, 2010 10:02 UTC (Tue) by nix (subscriber, #2304) [Link]
But about half the security holes on a Linux system *are* kernel bugs, and they're particularly nasty to fix because they require a reboot (which almost no other security fix does). So all an attacker waiting to own a system has to do is wait until a vulnerability window opens but you haven't rebooted, and then attack. Brad Spengler has demonstrated just how fast an exploit can be whipped up in that situation by someone with sufficient skill (and I'm quite certain major governments employ a good few such people).
|
|||||||||||||