On 17 juil. 08, at 08:24, Jason Stone wrote:
Is anyone else nervous trusting all his programs to have access to
all his files? Is there already a reasonable solution to this
problem?
It makes me nervous for, say, Firefox and its plugins to be able to
read and write every file I own, whether it's gnucash, ~/.ssh, or
other sensitive files.
Absolutely. Right now, I use different logins for different things
(casual web surfing, financial stuff, snd work), but it's
inconvenient and far from fullproof.
Capabilities or MAC systems could be used here -- someone just has
to put in the work to make it happen.
What about sandbox/chroot ?
Apple has designed such a system for Mac OS X 10.5, and even if it's
not fully functional now, it's probably interesting.
<http://developer.apple.com/documentation/Darwin/Reference/ManPages/man7/sandbox.7.html
>
patpro
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
