Archives
Archives
| From: | "Thomas D." <whissi@××××××.de> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] Re: RFC: enabling ipc-sandbox & network-sandbox by default | ||
| Date: | Thu, 15 May 2014 18:35:49 | ||
| Message-Id: | 537508FD.4000209@whissi.de | ||
| In Reply to: | Re: [gentoo-dev] Re: RFC: enabling ipc-sandbox & network-sandbox by default by Ciaran McCreesh |
||
| 1 | Hi, |
| 2 | |
| 3 | Ciaran McCreesh wrote: |
| 4 | > Sandboxing isn't about security. It's about catching mistakes. |
| 5 | |
| 6 | From Wikipedia |
| 7 | (http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29): |
| 8 | > In computer security, a sandbox is a security mechanism for |
| 9 | > separating running programs. It is often used to execute untested |
| 10 | > code, or untrusted programs from unverified third-parties, |
| 11 | > suppliers, untrusted users and untrusted websites |
| 12 | |
| 13 | network-sandbox is using unshare() syscalls to separate... not? |
| 14 | |
| 15 | But when I wrote my mail I was referring to Michal's statements in |
| 16 | <http://thread.gmane.org/gmane.linux.gentoo.devel/91131>. He is |
| 17 | explicitly listing "improving security"... |
| 18 | |
| 19 | |
| 20 | -Thomas |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] Re: RFC: enabling ipc-sandbox & network-sandbox by default | Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> |