bug-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A niche for the Hurd - next step: reality check


From: Arne Babenhauserheide
Subject: Re: A niche for the Hurd - next step: reality check
Date: Fri, 21 Nov 2008 05:17:33 +0100
User-agent: KMail/1.10.3 (Linux/2.6.25-gentoo-r7; KDE/4.1.3; x86_64; ; )

Am Donnerstag 20 November 2008 23:36:40 schrieb Michal Suchanek:
> Still you should get as much security as practical because you never
> know in advance what is a threat, and it's the default barriers on
> which you rely for mitigating yet unidentified threats. The UNIX
> concept simply does not make security practical. Or at least I have
> not seen an extension to it that does.

How about the subdo idea? 

Just open all applications with a reduced permission set and add the option of 
giving additional permissions. 

You can do permissions much more practical, for example not allowing any 
writes except for specific programs. 

Or just oneshot permissions: "OK, now you'll be in group X for 1 minute / your 
next action"

(though "your next action" is hard to measure)

Best wishes, 
Arne
-- 
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the 
history of free software.
-- Ein W├╝rfel System: http://1w6.org - einfach saubere (Rollenspiel-) Regeln.

-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt

Attachment: signature.asc
Description: This is a digitally signed message part.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]