Untrusted content domain

Mike Hearn mike at navi.cx
Tue May 10 23:52:09 UTC 2005


On Tue, 10 May 2005 19:12:01 -0400, Ivan Gyurdiev wrote:
> In any case, I have a very concrete, and small proposal here, not
> something in the distant future:

OK, it all seems sensible.

> 1) A common type is needed for downloads.
> 
> 2) That common type can't be ROLE_home_t, for security purposes.
> It shouldn't be ROLE_mozilla_home_t, or something like that either,
> that's used for other stuff - it should be a new type, dedicated
> to downloads.
> 
> 3) Once a common type is created, it can be used for various fun things,
> such as virus protection. Programs can be prevented from accessing
> content of this type in certain ways by the sysadmin....for example
> to prevent people from executing hostile content from the net.

Would it be OK to figure out a certain set of permissions that is OK for
random untrusted software to use? For instance Flash developers get a lot
of mileage out of the ability to write fun games that operate entirely
inside the Flash sandbox which is pretty restrictive, it seems like there
should be some level of control we can give programs so that humanity's
innate urge to distribute electronic greetings cards can be satisfied
securely :)

The thing I'm not really sure about is why preventing programs from
accessing downloaded data files is useful. If you know you can overflow a
program with malicious data the only sure protection is to fix the app,
right? It seems a bit different to viruses which are actually programs.

thanks -mike
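As an added illustration of the dedicated download type proposed in points 2 and 3 of the quoted message (example policy, not from this thread or from any shipped Fedora policy), here is a reference-policy-style module that lets a user domain create and modify downloaded files but never execute them; the type name user_download_t, the user_t domain and the ~/Downloads path are assumptions:

```selinux
# download_content.te  (hypothetical module, added example)
policy_module(download_content, 1.0.0)

require {
    # Assumed unconfined-ish user domain of the old strict/targeted policy.
    type user_t;
}

# One dedicated type for content saved from the network, separate from
# the generic home type so it can be singled out by policy.
type user_download_t;
files_type(user_download_t)

# The user may manage directories and files of this type...
allow user_t user_download_t:dir manage_dir_perms;
allow user_t user_download_t:file { create read write getattr setattr unlink rename };

# ...but may not execute them, even if the file has mode +x: a policy
# compile fails if any rule elsewhere would grant these permissions.
neverallow user_t user_download_t:file { execute execute_no_trans };

# download_content.fc  (assumed location browsers/mail clients save to)
# /home/[^/]+/Downloads(/.*)?  gen_context(system_u:object_r:user_download_t,s0)
```

Because the type is distinct, the same mechanism lets an administrator give an on-access scanner read access to user_download_t while denying it to everything else, which is the "fun things" point 3 alludes to.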




More information about the fedora-selinux-list mailing list