[LinuxUsers] Linux desktop PC hardware recommendations

David Kaiser dkaiser at cdk.com
Fri Nov 28 07:29:27 UTC 2008 

So, all that a nefarious process would have to do is *not* inform the
kernel that is was running un-sourcable code, and you would never know.

That's like asking criminals to report their offenses to the police.  It
makes complete sense.


Michael Sokolov wrote:
> Dante Lanznaster <dantecl at gmail.com> wrote:
> 
>> Believe me, you'll want a x86 platform to run youtube videos... (it needs
>> the flash plugin)
>>
>> FLASH! you know, that one from Adobe!
> 
> I've already figured as much.
> 
> Has anyone already come up with a mechanism to run these f***ing closed
> source binary plugins in some kind of severely restricted "jail"
> environment where the untrusted code is blocked from accessing any
> system resources which aren't on a pre-approved list?  I'm thinking
> along the lines of something like this: a process makes a special system
> call which tells the kernel "I'm about to run untrusted binary code for
> which we have no source", and from that point on the kernel sets some
> special flag marking the process as untrusted.  The untrusted process is
> then prohibited from using any system calls which aren't on a
> pre-approved list, from accessing any files outside a pre-approved list,
> and from accessing any network resources outside of another pre-approved
> list.  Has anyone already created something like this, or am I going to
> have to hire someone with NSA-level security experience to custom-design
> it for me from scratch?
> 
> Developing this idea further, if I want to treat all closed source
> binary x86 code as untrusted and dangerous (which is indeed my security
> policy) and run it only in special restricted "jail" environments like
> I've described, it probably wouldn't be that much extra effort to make
> this "jail" environment in the form of a software-based x86 instruction
> set emulator running on a machine whose native architecture could be
> completely different...
> 
> MS
> _______________________________________________
> LinuxUsers mailing list
> LinuxUsers at socallinux.org
> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers

More information about the LinuxUsers mailing list