[ubuntu-uk] Ubuntu (linux) vulnerabilty?? Comment please

Matthew Macdonald-Wallace matthew at truthisfreedom.org.uk
Wed Jun 20 14:07:20 BST 2007


Quoting Kris Marsh <moogman at gmail.com>:

> On 6/20/07, Chris Rowson <christopherrowson at gmail.com> wrote:
>> This topic makes me think though.
>>
>> Wouldn't isolating all net enabled applications in this manner pretty
>> much secure linux? Why aren't distributions running like this as
>> standard?
>>
>> Chris
>>
>> --
>> ubuntu-uk at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
>> https://wiki.kubuntu.org/UKTeam/
>>
>
>
> Security vs Usability.
>
> If you run your browser under a separate user you wont, for example,
> be able to save files to your home directory.
>
> In principle though yes, it would be nice if each app that faces an
> untrusted network was in their own separate user space or jail.

OK then, why not something like this:

1) App is installed into it's own Jail
2) A link is setup from given directories in each app's jail to  
/downloads which is read only.
3) Any documents downloaded are saved to the dir in the jail, but can  
be access by any user via /downloads and copied from there to a home  
dir.
4) a cron job runs once a day and cleans out any files that are still  
in /downloads for security purposes.

Just a thought,

M.



-- 
Matthew Macdonald-Wallace
Group Co-Ordinator
Thanet Linux User Group
http://www.thanet.lug.org.uk/
matthew at truthisfreedom.org.uk
GPG KEY: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFEA1BC16




More information about the ubuntu-uk mailing list