From kde-devel  Wed Nov 30 08:00:37 2005
From: "ross mcginnis" <ross_mcginnis () hotmail ! com>
Date: Wed, 30 Nov 2005 08:00:37 +0000
To: kde-devel
Subject: process confinement for internal app security
Message-Id: <BAY103-F2E385E24075EBAD81F32C974A0 () phx ! gbl>
X-MARC-Message: https://marc.info/?l=kde-devel&m=113333768204009

Hello,
I'm the author of Kamibroke, an accounting application with a KPart 
architecture.  It is anticipated that the app will allow users to download 
and install new KParts from third parties on the web.  Because Kamibroke is 
a financial app security is paramount.  Therefore it needs to be able to 
severely confine the process that these KParts run in.  It should to be able 
to deny the parts any access to the file system and deny any overt 
communication channels.  Also it should deny/limit as many covert channels 
as possilble.

What techniques are there available to deny a process access to the file 
system under standard linux (not SELinux)?  I alreadly know about the 
chroot() jail method.

What other general confinement methods are there?

Thanks
Ross McGinnis


 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<