Autostart and MAC security

Mike Hearn mike at plan99.net
Mon Feb 27 20:04:56 EET 2006


On Mon, 2006-02-27 at 16:47 +0100, Francois Gouget wrote:
> Hmm, this would only work if you use SE-Linux and would only prevent one 
> way for applications to auto-start when there are dozens of other ways to 
> achieve the same effect (you missed hacking the StartMenus, the Desktop 
> icons, XDG/Mailcap/KDE/Gnome MIME associations, hacking $PATH, etc).

Well, the idea is that long term programs would not be able to modify
config files at all unless explicitly authorized (by the operating
system developers). So Wine should not be able to modify ~/.firefox
and vice-versa. MAC security is usually based on the idea of denying
everything, then selectively allowing certain actions.

Also SELinux is not the only such framework, there is also AppArmor and
PAX on Linux, Core Force on Windows ...

> It's worse than that. As soon as you run any untrusted piece of code, 
> even in your account, it is game over for your account.

Today, yes, but I think one long term aim should be to change that.
Users clearly _do_ run less trustworthy code in their accounts all the
time, because there's no real way to determine if a program is "evil" or
not ahead of time. It's possible to make an OS robust against this
reality, so we may as well start evolving Linux in this direction
now ...

thanks -mike
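
An added example, not part of the original message: a small Python model of the default-deny idea in the reply above, set beside a deny-list that blocks only the autostart directory, evaluated against the persistence routes named in the quoted text. The home directory, the per-application allow rules and the target file names are constructed assumptions; matching is purely lexical and does not reflect how SELinux or AppArmor implement their checks.

```python
import posixpath

HOME = "/home/user"  # constructed home directory for this example

# Hypothetical per-application allow lists: (path prefix, permitted modes).
ALLOW = {
    "wine": [(HOME + "/.wine", "rw"), ("/usr/lib/wine", "r")],
    "firefox": [(HOME + "/.firefox", "rw")],
}

# Deny-list alternative: block writes to one known autostart location only.
DENYLIST = [HOME + "/.config/autostart"]

# Constructed write targets, one per route mentioned in the quoted reply.
TARGETS = {
    "autostart": HOME + "/.config/autostart/app.desktop",
    "desktop icon": HOME + "/Desktop/app.desktop",
    "mailcap": HOME + "/.mailcap",
    "PATH via shell rc": HOME + "/.bashrc",
    "firefox config": HOME + "/.firefox/prefs.js",
    "traversal": HOME + "/.wine/../.firefox/prefs.js",
    "wine registry": HOME + "/.wine/user.reg",
}

def _under(path, prefix):
    # Compare whole components so ~/.wine-evil does not match ~/.wine.
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def mac_allows(app, path, mode):
    """Default deny: permit only if an allow rule covers the normalised path."""
    path = posixpath.normpath(path)  # collapse ../ before matching (lexical only)
    return any(_under(path, p) and mode in modes
               for p, modes in ALLOW.get(app, []))

def denylist_allows(path):
    """Default allow: refuse only paths under a listed location."""
    path = posixpath.normpath(path)
    return not any(_under(path, p) for p in DENYLIST)

def survey(app="wine"):
    """Map each target to (deny-list verdict, default-deny verdict) for writes."""
    return {name: (denylist_allows(p), mac_allows(app, p, "w"))
            for name, p in TARGETS.items()}

if __name__ == "__main__":
    for name, (dl, mac) in survey().items():
        print(f"{name:18} deny-list={'allow' if dl else 'deny':5} "
              f"default-deny={'allow' if mac else 'deny'}")
```

The deny-list stops only the autostart write, while the default-deny policy refuses every route except the application's own directory without having to enumerate them.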



