Sandboxing

Posted Feb 2, 2010 0:35 UTC (Tue) by jamesmrh (guest, #31622)
In reply to: Sandboxing by cmccabe
Parent article: Security in the 20-teens

It's a Fedora 12 feature.

I think it'd be useful to transparently sandbox some applications, and then perhaps break the sandbox if the user initiates an action which requires access outside.

E.g. all PDF viewing is sandboxed by default, but if the user wants to save the file, the sandbox is disabled for that access (need to ensure that the user clicked save w/ trusted path). Complex apps like Firefox are more difficult, but not impossible.

One of the points that was advanced in favor of seccomp was that there's no "off switch" like there is for SELinux.

Disabling SELinux can be prevented (modulo kernel bugs).
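The split jamesmrh sketches above (viewer sandboxed by default, a privileged broker that grants a write only for a user-confirmed Save) as an added example; this is not code from the comment, from Fedora or from any real sandbox. It assumes Linux and Python 3.9+, and stands in for the trusted-path click with a single-use nonce that only the broker can issue.

```python
import os
import secrets
import socket
import tempfile
import threading

# Constructed demo of the sandboxed-viewer / trusted-broker split.
# The sandboxed side never opens files itself; it receives an already-open
# descriptor over a Unix socket (SCM_RIGHTS), so a sandbox that blocks open()
# still lets the approved save go through.

class Broker:
    """Runs outside the sandbox and holds the right to open files."""
    def __init__(self):
        self._pending = {}  # nonce -> path the user confirmed via the trusted UI path

    def user_confirmed_save(self, path):
        # Called only from the trusted (non-sandboxed) UI when the user clicks Save.
        nonce = secrets.token_hex(16)
        self._pending[nonce] = path
        return nonce

    def handle_request(self, sock):
        nonce = sock.recv(64).decode()
        path = self._pending.pop(nonce, None)  # single use: a replay is denied
        if path is None:
            sock.sendall(b"DENY")
            return
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        socket.send_fds(sock, [b"OK"], [fd])  # hand over the capability, not the path
        os.close(fd)

def viewer_save(sock, nonce, data):
    """Sandboxed side: can only ask; writes through the fd it is handed."""
    sock.sendall(nonce.encode())
    msg, fds, _, _ = socket.recv_fds(sock, 16, 1)
    if msg != b"OK" or not fds:
        return False
    with os.fdopen(fds[0], "wb") as f:
        f.write(data)
    return True

def demo():
    broker = Broker()
    brk, vw = socket.socketpair()
    path = os.path.join(tempfile.mkdtemp(), "out.pdf")
    results = []
    # First a forged request (no click happened), then a genuine one.
    for nonce in ("forged-nonce", broker.user_confirmed_save(path)):
        t = threading.Thread(target=broker.handle_request, args=(brk,))
        t.start()
        results.append(viewer_save(vw, nonce, b"%PDF-1.4 constructed"))
        t.join()
    with open(path, "rb") as f:
        return results, f.read()
```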



Sandboxing

Posted Feb 2, 2010 10:02 UTC (Tue) by nix (subscriber, #2304)

But about half the security holes on a Linux system *are* kernel bugs, and they're particularly nasty to fix because they require a reboot (which almost no other security fix does). So all an attacker waiting to own a system has to do is wait until a vulnerability window opens but you haven't rebooted, and then attack. Brad Spengler has demonstrated just how fast an exploit can be whipped up in that situation by someone with sufficient skill (and I'm quite certain major governments employ a good few such people).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds