On Sun, Nov 13, 2005 at 11:14:23AM +0200, Oded Arbel wrote:

> I'm not sure what the MS guys are doing, but if I were them I would run
> the networking code with no file system permissions. The up side of
> running everything in a VM(*) is that you don't have to link in file
> system operations for a program that isn't supposed to use them, so
> even if you buffer overflow the program you can't cause it to do stuff
> that it isn't supposed to be doing.
There are many ways to do it that don't require VMs. Examples include SELinux rules and Niels Provos's systrace. Also, check out Andrea Arcangeli's cpushare[0], and specifically seccomp[1].

[0] http://www.cpushare.com/about
[1] http://kernel.org/hg/linux-2.6/?cmd=file;file=kernel/seccomp.c;filenode=e872174f0339a7410f6d429bb5318426f59ed569

-- 
Muli Ben-Yehuda
http://www.mulix.org | http://mulix.livejournal.com/
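As an added example that is not part of this thread and not code from cpushare or from the seccomp.c linked at [1]: the C program below applies Oded's idea with the seccomp facility Muli points to, using the later filter mode (seccomp-bpf, Linux 3.5 and newer) rather than the 2005 strict mode in [1]. Strict mode permits only read, write, exit and sigreturn and SIGKILLs the process on anything else; a filter lets the process keep its sockets while every file-opening syscall fails with EPERM, so a buffer overflow in the networking code still cannot open a file. The denied-syscall list, the EPERM choice, the supported-architecture list and the /dev/null probe are my assumptions for the demonstration.

```c
/* Added example (not code from the thread, cpushare or seccomp.c):
 * a "networking" process gives up the ability to open files via a
 * seccomp-bpf filter. Assumes Linux 3.5+ on x86_64, i386 or aarch64. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Pin the filter to one syscall ABI: otherwise a 32-bit compat syscall with
 * a different number could slip past the comparisons on a 64-bit kernel. */
#if defined(__x86_64__)
# define HOST_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__i386__)
# define HOST_AUDIT_ARCH AUDIT_ARCH_I386
#elif defined(__aarch64__)
# define HOST_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
# error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Syscalls that open or create files (assumed list; extend as needed). */
static const int denied_syscalls[] = {
#ifdef __NR_open
    __NR_open,
#endif
#ifdef __NR_creat
    __NR_creat,
#endif
    __NR_openat,
#ifdef __NR_openat2
    __NR_openat2,
#endif
};
#define NDENIED (sizeof denied_syscalls / sizeof denied_syscalls[0])

/* Install a filter that returns EPERM for the denied syscalls and allows
 * everything else. Returns 0 on success, -1 (errno set) if this kernel or
 * the sandbox we run in refuses seccomp filters. Cannot be undone. */
static int install_no_fs_filter(void)
{
    struct sock_filter prog[4 + NDENIED + 2];
    size_t i, n = 0;

    /* 0-2: load the arch word; kill the process if it is not ours. */
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                    offsetof(struct seccomp_data, arch));
    prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                    HOST_AUDIT_ARCH, 1, 0);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    /* 3: load the syscall number. */
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                    offsetof(struct seccomp_data, nr));
    /* One compare per denied syscall: a match jumps to the final EPERM
     * return, a miss falls through to the next compare and finally ALLOW. */
    for (i = 0; i < NDENIED; i++)
        prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                        (unsigned)denied_syscalls[i],
                        (unsigned char)(NDENIED - i), 0);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                        SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));

    struct sock_fprog fprog = { .len = (unsigned short)n, .filter = prog };

    /* Required before an unprivileged process may install a filter; it also
     * prevents exec of setuid binaries that would run with this filter on. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Probe: try to open a file; 0 on success, otherwise the errno. */
static int probe_open_errno(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Probe: the networking side still works; 0 on success, otherwise errno. */
static int probe_socket_errno(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    printf("before filter: open(/dev/null) -> %s\n",
           strerror(probe_open_errno("/dev/null")));
    if (install_no_fs_filter() != 0) {
        perror("seccomp filter not installed");
        return 1;
    }
    printf("after filter:  open(/dev/null) -> %s\n",
           strerror(probe_open_errno("/dev/null")));
    printf("after filter:  socket()        -> %s\n",
           strerror(probe_socket_errno()));
    return 0;
}
```

Two caveats a practitioner would want: this is a deny-list, so unlink, rename, mkdir and the like still work, and a production filter should allow-list the handful of syscalls the networking code actually needs and reject the rest (closer in spirit to the strict mode in [1], which simply kills the process). On x86_64 the x32 ABI reports the same arch value, so a real filter should also reject syscall numbers with the X32_SYSCALL_BIT set; the example omits that for brevity.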