Useful sandboxing for privilege separation
Posted Jan 27, 2005 11:13 UTC (Thu) by hmh (subscriber, #3838)
In reply to: Securely renting out your CPU with Linux by ttonino
Parent article: Securely renting out your CPU with Linux
Exactly. Add some read/write-related syscalls (epoll, select, poll, shutdown, fseek and friends, ioctl, mmap of already open FDs...), plus signal handling, and this code would really be useful to create worker children that simply cannot step outside of their very strict bounds.
Give it two security levels (the first one does not give access to seek, ioctl or mmap, or any other non-socket operations), and it would still be useful for grid computing.
It is a pretty exciting idea, overall. AND it is something we can use everywhere when available easily, unlike SELinux.
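The two-level syscall allowlist hmh sketches above, as an added example that is not code from the LWN article or from anyone in this thread. It uses today's seccomp-bpf (kernel 3.5 and later) rather than the 2005 strict-mode patch the article describes. Level 1 is the bare worker set (read/write on already-open descriptors, the multiplexing calls, shutdown, exit); level 2 additionally permits lseek, ioctl and mmap/munmap. The exact syscall sets, the `policy_allows`/`build_filter`/`install_filter` names and the `MAX_INSNS` limit are this example's own assumptions. Linux x86-64 or aarch64 only.

```c
/* Added example (not from the LWN article or thread): a two-level seccomp-bpf
 * allowlist for a worker child. The syscall sets below are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define SECCOMP_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS            /* older kernel headers */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif
#define MAX_INSNS 64
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Level 1 (assumed): read/write on open FDs, multiplexing, shutdown, exit. */
static const int level1_syscalls[] = {
    SYS_read, SYS_write, SYS_exit, SYS_exit_group,
    SYS_ppoll, SYS_pselect6, SYS_epoll_pwait, SYS_shutdown,
};
/* Level 2 (assumed) adds the non-socket FD operations withheld from level 1. */
static const int level2_extra[] = { SYS_lseek, SYS_ioctl, SYS_mmap, SYS_munmap };

/* Pure policy check: is syscall `nr` allowed at `level`? Level 2 is a superset. */
int policy_allows(int level, int nr)
{
    size_t i;
    for (i = 0; i < COUNT(level1_syscalls); i++)
        if (level1_syscalls[i] == nr) return 1;
    if (level >= 2)
        for (i = 0; i < COUNT(level2_extra); i++)
            if (level2_extra[i] == nr) return 1;
    return 0;
}

/* Emit the BPF program for `level`: check arch (else kill), load nr, one JEQ
 * per allowed syscall whose taken branch lands on the final ALLOW, then a
 * KILL_PROCESS fall-through. Returns the instruction count, 0 if cap too small. */
size_t build_filter(int level, struct sock_filter *out, size_t cap)
{
    size_t n = COUNT(level1_syscalls) + (level >= 2 ? COUNT(level2_extra) : 0);
    size_t total = 4 + n + 2, k = 0, i;
    if (total > cap || n > 254) return 0;
    out[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, arch));
    out[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, nr));
    for (i = 0; i < n; i++) {
        int nr = i < COUNT(level1_syscalls) ? level1_syscalls[i]
                                            : level2_extra[i - COUNT(level1_syscalls)];
        /* jt = n - i skips the remaining JEQs and the KILL, landing on ALLOW */
        out[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (unsigned)nr, (unsigned char)(n - i), 0);
    }
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return k;
}

/* Instruction count for a level (handy for checks without installing). */
size_t filter_insn_count(int level)
{
    struct sock_filter insns[MAX_INSNS];
    return build_filter(level, insns, MAX_INSNS);
}

/* Install the filter on the caller. NO_NEW_PRIVS lets an unprivileged
 * process use PR_SET_SECCOMP; it also rules out setuid gains afterwards. */
int install_filter(int level)
{
    struct sock_filter insns[MAX_INSNS];
    struct sock_fprog prog;
    size_t n = build_filter(level, insns, MAX_INSNS);
    if (n == 0) { errno = EINVAL; return -1; }
    prog.len = (unsigned short)n;
    prog.filter = insns;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
}

/* Demo: a level-1 worker may write(), but its first lseek() gets it killed. */
int main(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return 1; }
    if (pid == 0) {
        static const char msg[] = "worker: write() permitted\n";
        if (install_filter(1) != 0) _exit(2);
        (void)write(1, msg, sizeof msg - 1);   /* on the level-1 list */
        (void)lseek(0, 0, SEEK_CUR);           /* not on the list: SIGSYS */
        _exit(0);                              /* never reached */
    }
    if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); return 1; }
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        printf("parent: worker killed by SIGSYS on the disallowed syscall\n");
    else
        printf("parent: unexpected worker status 0x%x\n", status);
    return 0;
}
```

Build with `cc -o worker worker.c` and run as an ordinary user; no privilege is needed because of `PR_SET_NO_NEW_PRIVS`. Note that libc wrappers sometimes issue a different syscall than their name suggests (`poll()` versus `ppoll`, for instance), so a real allowlist is verified by running the worker under `strace -f` and adjusting the sets, not by reading the man pages alone.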
Posted Jan 27, 2005 16:01 UTC (Thu) by MathFox (guest, #6104)
What you are talking about are actually "Process based access controls" that implement a security policy on a per-process basis.
I do think that it is great to have something like that in the kernel, but the present patch is a bit crude. (Can it run an embedded Acrobat Reader in a browser-controlled sandbox?) We'll need some discussion about the design and desired functionality.