[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: POSIX
From: |
Jonathan S. Shapiro |
Subject: |
Re: POSIX |
Date: |
Wed, 26 Oct 2005 09:29:50 -0400 |
On Wed, 2005-10-26 at 13:04 +0200, Alfred M. Szmidt wrote:
> I would agree with that, but for me this is mostly about security.
> It would be nice to be able to run potentially hostile
> applications, but it takes a lot of trouble, and then still you're
> not sure if it's ok.
>
> It takes very little trouble, you can do this with the Hurd right now,
> sub-hurds.
I am not sure exactly what is included in a sub-hurd, but I infer that
it is a more comprehensive extension of a chroot-jail.
Observation: Security that relies on explicit user action in order to
achieve protection comes too late. By the time you realize you need it,
you are already compromised. Secure behavior must be the default.
Implication:
If the sub-hurd is going to be the basic mechanism of security, then
EVERY new execution of every application should be performed in a
freshly instantiated sub-hurd.
So: how does the latency of forming a sub-hurd compare to the latency of
fork()?
shap
- POSIX (was: Re: Let's do some coding :-) ), (continued)
- POSIX (was: Re: Let's do some coding :-) ), olafBuddenhagen, 2005/10/24
- Re: POSIX (was: Re: Let's do some coding :-) ), Alfred M\. Szmidt, 2005/10/25
- Re: POSIX (was: Re: Let's do some coding :-) ), Marcus Brinkmann, 2005/10/25
- Re: POSIX, olafBuddenhagen, 2005/10/25
- Re: POSIX, Marcus Brinkmann, 2005/10/26
- Re: POSIX, Bas Wijnen, 2005/10/26
- Re: POSIX, Alfred M\. Szmidt, 2005/10/26
- Re: POSIX, Bas Wijnen, 2005/10/26
- Re: POSIX, Alfred M\. Szmidt, 2005/10/26
- Re: POSIX, Alfred M\. Szmidt, 2005/10/26
- Re: POSIX,
Jonathan S. Shapiro <=
- Re: POSIX, Alfred M\. Szmidt, 2005/10/26
- Re: POSIX, Jonathan S. Shapiro, 2005/10/26
- Re: POSIX, Alfred M\. Szmidt, 2005/10/26
- Re: POSIX, Bas Wijnen, 2005/10/26
- Re: POSIX, Alfred M\. Szmidt, 2005/10/26
- Re: POSIX, Jonathan S. Shapiro, 2005/10/26
- Re: POSIX, Ronald Aigner, 2005/10/26
- Re: POSIX, Jonathan S. Shapiro, 2005/10/26
- Re: POSIX, Alfred M\. Szmidt, 2005/10/27
- Re: POSIX, Jonathan S. Shapiro, 2005/10/27