[wuug-list] [wuug-forum] ezod: Standalone WM, anyone?
BJ Blanchard
linuxonly at gmail.com
Tue Jan 22 11:28:23 PST 2008
I wouldn't agree with "that's all we have available now". We have LIDS
(linux intrusion detection system) - most people don't know this, but
you can use LIDS to make it impossible to access virtually any object
(file, raw device, memory, I/O) - even as the root user. Its considered
by some to be "a complete security model implementation for the linux
kernel.".
It takes a little work to learn/configure - but you can lock down
anything you want..
BJ.
On Tue, 2008-01-22 at 13:41 -0500, Matt Draisey wrote:
> I wish the kernel would provide a standard sandboxing framework for
> working with untrusted data and scripts. Nobody is going to chroot
> their web browser or run it under a completely separate user account ---
> that's all we have available now.
>
> Matt
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.wuug.org/pipermail/wuug-list_wuug.org/attachments/20080122/e9b1b48e/attachment.html
More information about the wuug-list
mailing list