On 28/10/2014, Daniel Camolês <bigatojj_AT_gmail.com> wrote:
> Capability mode would require the target operating system to have this
> kind of feature.
Yes.
Capsicum [1] works on FreeBSD and Linux and is being ported to OpenBSD.
Plan 9 already has its own security model [2].
> Given a world that has more than one operating
> system working on people's computers, maybe it is simpler to port a VM
> than implement capability mode everywhere?
A VM is an option, though a less versatile one. We could use capabilities
where available and a VM elsewhere.
>> Most program distribution systems that I know share this problem. It
>> is the user's responsibility to properly confine untrusted code.
>
> Well, I can't say that to the grandma who wants to see her grandsons'
> pictures on the Internet.
No, but you can install a trusted graphics viewer program.
[1] http://www.cl.cam.ac.uk/research/security/capsicum/
[2] http://plan9.bell-labs.com/sys/doc/auth.html
Received on Wed Oct 29 2014 - 01:04:23 CET
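The "trusted graphics viewer" pattern that Capsicum's capability mode imposes, written out as an added example (it is not code from the thread, the list, or the Capsicum project): acquire every descriptor the program needs while it still has ambient authority, limit each one to the rights it actually uses, call cap_enter(), and do all further work through those descriptors, since by-name access to the global namespace is gone. The temp-file name, the sample "image" bytes and all helper names are constructed for the demo; the header name sys/capsicum.h assumes FreeBSD 10.1 or later. On a system without Capsicum the cap_* calls compile out and the sandbox function reports that no capability mode is active, so the rest of the sequence still runs.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#if defined(__FreeBSD__)
#include <sys/capsicum.h>   /* cap_enter(), cap_rights_limit(); assumed header name */
#endif

/* Constructed sample "image" bytes for the demo (a tiny PBM); not a real picture. */
static const char SAMPLE_IMAGE[] = "P1\n2 2\n1 0\n0 1\n";

/* Create a temp file holding SAMPLE_IMAGE and return a read-only fd to it.
 * Everything the program needs is acquired here, before the sandbox closes. */
static int open_sample_image(void)
{
    char path[] = "/tmp/capdemo.XXXXXX";   /* constructed demo path */
    int wfd = mkstemp(path);
    if (wfd < 0) return -1;
    ssize_t n = write(wfd, SAMPLE_IMAGE, sizeof SAMPLE_IMAGE - 1);
    close(wfd);
    if (n != (ssize_t)(sizeof SAMPLE_IMAGE - 1)) { unlink(path); return -1; }
    int rfd = open(path, O_RDONLY);
    unlink(path);                 /* the file now lives on only through rfd */
    return rfd;
}

/* Enter the sandbox: restrict what rfd may be used for, then drop the
 * process's ambient authority. Returns 1 if capability mode is now active,
 * 0 if this platform has no capability mode (the calls compile out), -1 on error. */
static int enter_sandbox(int rfd)
{
#if defined(__FreeBSD__)
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ, CAP_FSTAT);   /* read-only; no write, no mmap */
    if (cap_rights_limit(rfd, &rights) < 0) return -1;
    if (cap_enter() < 0) return -1;                  /* irreversible for this process */
    return 1;
#else
    (void)rfd;
    return 0;
#endif
}

/* Returns 1 if open() by path name is refused by capability mode
 * (errno == ECAPMODE), 0 if it still succeeds (no sandbox), -1 on other errors. */
static int global_namespace_is_closed(void)
{
    int fd = open("/etc/passwd", O_RDONLY);
    if (fd >= 0) { close(fd); return 0; }
#if defined(__FreeBSD__)
    return errno == ECAPMODE ? 1 : -1;
#else
    return -1;
#endif
}

/* Read the whole image through the pre-opened descriptor. Returns bytes read. */
static ssize_t read_image(int rfd, char *buf, size_t cap)
{
    size_t total = 0;
    for (;;) {
        ssize_t n = read(rfd, buf + total, cap - total);
        if (n <= 0) break;
        total += (size_t)n;
        if (total == cap) break;
    }
    return (ssize_t)total;
}

/* Runs the whole open-then-enter sequence. Returns the number of image bytes
 * read back through the limited descriptor, or -1 on failure. */
long sandboxed_viewer_demo(void)
{
    char buf[128];
    int rfd = open_sample_image();
    if (rfd < 0) return -1;
    int mode = enter_sandbox(rfd);
    if (mode < 0) { close(rfd); return -1; }
    ssize_t n = read_image(rfd, buf, sizeof buf);
    close(rfd);
    /* In capability mode the by-name open must now fail with ECAPMODE. */
    if (mode == 1 && global_namespace_is_closed() != 1) return -1;
    return (long)n;
}

int main(void)
{
    long n = sandboxed_viewer_demo();
    printf("read %ld image bytes inside the sandbox\n", n);
    return n < 0;
}
```

The point of the ordering is that cap_enter() cannot be undone: anything the viewer forgot to open beforehand (fonts, config, the next picture) is unreachable afterwards, which is exactly the property that makes a compromised decoder harmless, and also why porting this pattern to a system without capability mode means reaching for a VM or another sandbox instead.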