Is anyone else nervous trusting all his programs to have access to all his files? Is there already a reasonable solution to this problem?

It makes me nervous for, say, Firefox and its plugins to be able to read and write every file I own, whether it's gnucash, ~/.ssh, or other sensitive files. Programs could be set up to run under their own uids, but this is cumbersome, especially in a desktop environment.

One possibility would be to "filewall" off a program--say, Firefox--so that of all my uid's files Firefox is only able to read or write ~/.mozilla. If we had app signatures like it seems OS X does, then maybe a "filewall" MAC module could use extended attributes to grant access to files based on the app's signature. Permission could be granted to the application to access other files through a special file picker, so the user is always in control.

Thoughts?

Matt
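The "filewall" idea above, modelled as an added example (not code from this thread or any project it mentions): a per-application policy that confines an app to a directory under the user's home and lets the user grant individual files through a picker. The `FileWall` class, the `firefox`/`gnucash` app names and the home directory contents are all constructed for the demo. It shows the two escapes a naive prefix check misses, `..` segments and symlinks out of the allowed tree, and why canonicalising the path first matters.

```python
import os
import tempfile


class FileWall:
    """Per-application file-access policy (toy model): an app may touch only
    the directories it was confined to, plus files the user explicitly granted."""

    def __init__(self, home):
        self.home = os.path.realpath(home)
        self.app_roots = {}   # app name -> list of directories it may use
        self.grants = {}      # app name -> set of files granted via the picker

    def confine(self, app, *subdirs):
        # Confine 'app' to the given subdirectories of the user's home.
        self.app_roots[app] = [
            os.path.realpath(os.path.join(self.home, d)) for d in subdirs
        ]

    def grant(self, app, path):
        # The user picked one file for this app; remember its canonical path.
        self.grants.setdefault(app, set()).add(os.path.realpath(path))

    def is_allowed(self, app, path):
        # Canonicalise first so '..' segments and symlinks cannot escape a root.
        real = os.path.realpath(path)
        if real in self.grants.get(app, set()):
            return True
        for root in self.app_roots.get(app, ()):
            if real == root or real.startswith(root + os.sep):
                return True
        return False


def demo():
    """Build a constructed home directory and return the policy decisions."""
    home = tempfile.mkdtemp()
    os.makedirs(os.path.join(home, ".mozilla"))
    os.makedirs(os.path.join(home, ".ssh"))
    ssh_key = os.path.join(home, ".ssh", "id_rsa")
    profile = os.path.join(home, ".mozilla", "profile.ini")
    budget = os.path.join(home, "budget.gnucash")
    for p in (ssh_key, profile, budget):
        with open(p, "w") as f:
            f.write("constructed sample\n")
    # A symlink inside the allowed tree that points outside it.
    link = os.path.join(home, ".mozilla", "sneaky")
    os.symlink(ssh_key, link)

    fw = FileWall(home)
    fw.confine("firefox", ".mozilla")
    fw.grant("firefox", budget)   # the user chose this one file in the picker

    return {
        "profile": fw.is_allowed("firefox", profile),
        "ssh_key": fw.is_allowed("firefox", ssh_key),
        "dotdot": fw.is_allowed(
            "firefox", os.path.join(home, ".mozilla", "..", ".ssh", "id_rsa")),
        "symlink": fw.is_allowed("firefox", link),
        "granted": fw.is_allowed("firefox", budget),
        "other_app": fw.is_allowed("gnucash", profile),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allow' if ok else 'deny'}")
```

The model is only a policy evaluator: a check done in userland on a path string can be raced, since the object behind the path may change between the check and the actual open. That is the reason the post points at a MAC module rather than a wrapper, because the decision has to be made by the kernel on the object it is about to open.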
Matt Reimer wrote:
> Is anyone else nervous trusting all his programs to have access to all
> his files? Is there already a reasonable solution to this problem?

http://www.cis.upenn.edu/~KeyKOS/Confinement.html
http://cr.yp.to/qmail/qmailsec-20071101.pdf

Also: CapDesk, Bitfrost, systrace, EROS/Coyotos

In general, solutions have proven to be vaporware, very burdensome to use (systrace), or reduced in scope (Bernstein's single-source transforms). The success rate is not zero, though, and I too crave a solution...
> Is anyone else nervous trusting all his programs to have access to all
> his files? Is there already a reasonable solution to this problem?
>
> It makes me nervous for, say, Firefox and its plugins to be able to read
> and write every file I own, whether it's gnucash, ~/.ssh, or other
> sensitive files.

Absolutely. Right now, I use different logins for different things (casual web surfing, financial stuff, and work), but it's inconvenient and far from foolproof. Capabilities or MAC systems could be used here -- someone just has to put in the work to make it happen.

-Jason