[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    process confinement for internal app security
From:       "ross mcginnis" <ross_mcginnis () hotmail ! com>
Date:       2005-11-30 8:00:37
Message-ID: BAY103-F2E385E24075EBAD81F32C974A0 () phx ! gbl
[Download RAW message or body]

Hello,
I'm the author of Kamibroke, an accounting application with a KPart 
architecture.  It is anticipated that the app will allow users to download 
and install new KParts from third parties on the web.  Because Kamibroke is 
a financial app security is paramount.  Therefore it needs to be able to 
severely confine the process that these KParts run in.  It should to be able 
to deny the parts any access to the file system and deny any overt 
communication channels.  Also it should deny/limit as many covert channels 
as possilble.

What techniques are there available to deny a process access to the file 
system under standard linux (not SELinux)?  I alreadly know about the 
chroot() jail method.

What other general confinement methods are there?

Thanks
Ross McGinnis


 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]