On Thu, 17 Jul 2008, Patrick Proniewski wrote:
Absolutely. Right now, I use different logins for different things (casual
web surfing, financial stuff, and work), but it's inconvenient and far from
foolproof.
Capabilities or MAC systems could be used here -- someone just has to put
in the work to make it happen.
What about sandbox/chroot ? Apple has designed such a system for Mac OS X
10.5, and even if it's not fully functional now, it's probably interesting.
<http://developer.apple.com/documentation/Darwin/Reference/ManPages/man7/sandbox.7.html>
And, interestingly, the Mac OS X Sandbox parts are based on the TrustedBSD MAC
Framework that was first developed on FreeBSD and later ported to Mac OS X.
However, Sandbox is not open source, and does rely on the reliability of
pathnames, which on UFS (and even HFS+) is a bit of a tricky issue.
FWIW, I have some work in progress on the capability front, but it's a highly
complex issue that will take years to work through properly. Unfortunately,
the real issue isn't so much the OS primitives as building up a non-trivial
application base that uses them. Providing primitives to subdivide
applications isn't easy, but once you've done that you still have to rewrite
lots of applications to take advantage of it, and in a way that shows a lot
more application programmer discipline. It's not clear to me that the
pressure is there to make feature-driven application development for major
desktop applications adopt techniques of this sort.
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
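The remark above that Sandbox "does rely on the reliability of pathnames" is worth seeing concretely. The script below is an added example, not code from the thread, from Apple's Sandbox or from the TrustedBSD project: it models a name-based deny rule as a small shell function and checks its decisions against the file's identity (device and inode) rather than its name. The directory layout under $DEMO, the policy_allows function and the secret/key file are all hypothetical stand-ins for a rule of the form "deny everything under /secret".

```shell
#!/bin/sh
# Added example, not code from the thread or from Apple's Sandbox: a
# pathname-based deny rule is only as strong as the assumption that one file
# has one name. The layout under $DEMO and the policy_allows function are
# hypothetical stand-ins for a rule like "deny file-read under /secret".

DEMO="$(mktemp -d)"
# Canonicalise the scratch directory so the policy's prefix match is not
# confused by /tmp itself being a symlink on some systems.
DEMO="$(realpath -- "$DEMO" 2>/dev/null || printf '%s' "$DEMO")"
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/secret" "$DEMO/public"
printf 'top secret\n' > "$DEMO/secret/key"

# Hypothetical name-based policy: deny everything under $DEMO/secret.
# Symlinks are canonicalised first, so pointing a link at the secret is not
# a bypass. Returns 0 (allow) or 1 (deny).
policy_allows() {
    resolved="$(realpath -- "$1" 2>/dev/null || printf '%s' "$1")"
    case "$resolved" in
        "$DEMO/secret"|"$DEMO/secret/"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Identity check that ignores names: test(1) -ef compares device and inode,
# so every hard link to the secret matches regardless of what it is called.
is_protected_file() {
    [ "$1" -ef "$DEMO/secret/key" ]
}

# Succeeds when the name-based policy allows a name that is, by inode, the
# protected file, i.e. when the policy has been fooled.
policy_fooled_by() {
    policy_allows "$1" && is_protected_file "$1"
}

# Two more names for the same data: a symlink (a name that resolves back
# into secret/) and a hard link (a second directory entry for the same
# inode, with nothing for realpath to resolve).
ln -s "$DEMO/secret/key" "$DEMO/public/link"
ln    "$DEMO/secret/key" "$DEMO/public/alias"

# Print the policy's decision for a name and flag the case it gets wrong.
verdict() {
    if policy_allows "$1"; then decision=allow; else decision=deny; fi
    if policy_fooled_by "$1"; then
        printf '%-5s %s   <- BYPASS: same inode as secret/key\n' "$decision" "$1"
    else
        printf '%-5s %s\n' "$decision" "$1"
    fi
}

verdict "$DEMO/secret/key"      # deny
verdict "$DEMO/public/link"     # deny  (symlink canonicalised)
verdict "$DEMO/public/alias"    # allow <- BYPASS (hard link, different name)
```

The symlink case is handled because the policy canonicalises the name before matching, but the hard link is simply another name for the same inode and there is nothing to resolve, so a policy that only ever sees names cannot tell alias apart from key. A label-based MAC policy avoids this by attaching the label to the object (the vnode) rather than to any of its names, which is the distinction being drawn above. The scratch directory is removed by the EXIT trap when the script ends.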