[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: process confinement for internal app security
From: "ross mcginnis" <ross_mcginnis () hotmail ! com>
Date: 2005-11-30 8:00:37
Message-ID: BAY103-F2E385E24075EBAD81F32C974A0 () phx ! gbl
[Download RAW message or body]
Hello,
I'm the author of Kamibroke, an accounting application with a KPart
architecture. It is anticipated that the app will allow users to download
and install new KParts from third parties on the web. Because Kamibroke is
a financial app security is paramount. Therefore it needs to be able to
severely confine the process that these KParts run in. It should to be able
to deny the parts any access to the file system and deny any overt
communication channels. Also it should deny/limit as many covert channels
as possilble.
What techniques are there available to deny a process access to the file
system under standard linux (not SELinux)? I alreadly know about the
chroot() jail method.
What other general confinement methods are there?
Thanks
Ross McGinnis
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic