On 28/10/2014, Daniel Camolês <bigat...@gmail.com> wrote:
> Capability mode would require the target operating system to have this
> kind of feature.

Yes. Capsicum [1] works on FreeBSD and Linux and is being ported to OpenBSD. Plan 9 already has its own security model [2].

> Given a world that has more than one operating system working on
> people's computers, maybe it is simpler to port a VM than implement
> capability mode everywhere?

A VM is an option, though a less versatile one. We could use capabilities where available and a VM elsewhere.

>> Most program distribution systems that I know share this problem. It
>> is the user's responsibility to properly confine untrusted code.
>
> Well, I can't say that to the grandma who wants to see her grandsons'
> pictures on the Internet.

No, but you can install a trusted graphics viewer program.

[1] http://www.cl.cam.ac.uk/research/security/capsicum/
[2] http://plan9.bell-labs.com/sys/doc/auth.html