From: | "Thomas D." <whissi@××××××.de> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] Re: RFC: enabling ipc-sandbox & network-sandbox by default | ||
Date: | Thu, 15 May 2014 18:35:49 | ||
Message-Id: | 537508FD.4000209@whissi.de | ||
In Reply to: | Re: [gentoo-dev] Re: RFC: enabling ipc-sandbox & network-sandbox by default by Ciaran McCreesh |
1 | Hi, |
2 | |
3 | Ciaran McCreesh wrote: |
4 | > Sandboxing isn't about security. It's about catching mistakes. |
5 | |
6 | From Wikipedia |
7 | (http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29): |
8 | > In computer security, a sandbox is a security mechanism for |
9 | > separating running programs. It is often used to execute untested |
10 | > code, or untrusted programs from unverified third-parties, |
11 | > suppliers, untrusted users and untrusted websites |
12 | |
13 | network-sandbox is using unshare() syscalls to separate... not? |
14 | |
15 | But when I wrote my mail I was referring to Michal's statements in |
16 | <http://thread.gmane.org/gmane.linux.gentoo.devel/91131>. He is |
17 | explicitly listing "improving security"... |
18 | |
19 | |
20 | -Thomas |
Subject | Author |
---|---|
Re: [gentoo-dev] Re: RFC: enabling ipc-sandbox & network-sandbox by default | Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> |