[Meego-security-discussion] Backing up (was: MeeGo Security Goals)
Yves-Alexis Perez
corsac at debian.org
Mon Apr 18 13:08:48 PDT 2011
On sam., 2011-04-16 at 22:00 +0200, Rene Mayrhofer wrote:
> > 3. Sandboxing of built-in apps to limit damage from exploits. A lot
> > less clear to me. What does "limit" mean? Are app-specific
> > mechanisms (c.f. chromium) acceptable? Does this devolve into the
> > SELinux "script out permissions sets for every app" model, or is there
> > something more generic?
> App-specific methods do not seem acceptable to me, as most of the apps
> will not implement them. Make it easy for app developers at the cost of
> more complexity in the base would be my clear suggestion.
And that doesn't mean default apps (provided by the vendor) don't have
to use special care for security (chromium seccomp sandbox comes to
mind).
Regards,
--
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.meego.com/pipermail/meego-security-discussion/attachments/20110418/320c852b/attachment.pgp>
More information about the MeeGo-security-discussion
mailing list