Untrusted content domain

Mike Hearn mike at navi.cx
Tue May 10 19:30:47 UTC 2005


On Mon, 09 May 2005 16:57:06 -0400, Ivan Gyurdiev wrote:
> The untrusted_content part of this is a proposal for a type to be used
> to mark things downloaded from the Internet that cannot be trusted
> (hence, untrusted). The idea is that various web browsers, p2p clients,
> etc. will use this type to store content.

OK. What problem are we trying to solve here, exactly: that users want to
run programs they download in some kind of quarantine zone? Or is the idea
that actual data files may be problematic and need to be kept from other
programs? I can't see any system that requires freeing data files being
successful; people download way too many, but programs, maybe ...

It seems that the most common type of program to download and run is an
installer or package. Right now they [usually] need root to work, but
figuring out exactly what privs an installer or package really needs would
probably be a good idea.

Can you give some use cases where this sort of untrusted content type
prevents Bob from damaging or accidentally subverting his system?

thanks -mike
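An added illustration of what the quoted proposal could look like as SELinux type enforcement policy. This is not policy from the thread or from Fedora; the domain name mozilla_t, the type name untrusted_content_t and the refpolicy-style files_type macro are assumptions. A downloading application may create and modify files of the type, but nothing grants execute on them, so a downloaded program cannot simply be run from where it landed until someone deliberately relabels it.

```te
# Assumed, illustrative policy fragment; not the thread's or Fedora's own.
# The type that marks data fetched from the network.
type untrusted_content_t;
files_type(untrusted_content_t)

# A downloading application (an assumed browser domain, mozilla_t)
# may create, read and modify its own downloads ...
allow mozilla_t untrusted_content_t:dir  { getattr search read write add_name remove_name };
allow mozilla_t untrusted_content_t:file { getattr read write create unlink rename };

# ... but no rule grants execute, and this makes the intent explicit:
# a file of this type is data, not a program, until an administrator relabels it.
neverallow mozilla_t untrusted_content_t:file { execute execute_no_trans };
```

Other domains get no access rule at all here, so by default they can neither read nor run the content; each consumer that legitimately needs it (a media player, an archive tool) would be granted read access individually.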
