From: rog@vitanuova.com
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Inferno plug-in security
Date: Fri, 15 Jun 2001 13:26:49 +0100 [thread overview]
Message-ID: <20010615121808.9F1A119A1D@mail.cse.psu.edu> (raw)
[-- Attachment #1: Type: text/plain, Size: 696 bytes --]
yes, that's a possible type of approach, but i detect a certain amount
of handwaving in your description... restricting the accessible
directories, or even read/write access to them, is probably not
sufficient. (it couldn't give you selective access to different IP
addresses, for example).
and there still remains the question of how to deal with module signing
(which is necessary, in some form, even if you've got verified Dis, to
prevent a module from creating its own Dis module (unverified) and
calling that).
as i said before, there are some difficult security issues that need to
be resolved before we do it, none of which have obvious solutions.
cheers,
rog.
[-- Attachment #2: Type: message/rfc822, Size: 2555 bytes --]
To: <cse.psu.edu!9fans>
Subject: [9fans] Inferno plug-in security
Date: Fri, 15 Jun 2001 14:47:38 +0300
Message-ID: <EE9F3A089F0B01499C5782E7CFA9352708B76E@hkisrv08.teleware.fi>
> like: what happens if someone puts a limbo app on a web page that
takes
> up no screen space, but dials out and does nefarious things (e.g.
> taking part in a DDOS attack).
Why don't you just give the plug-in user a simple configuration
interface to control what directories the plug in is allowed to access,
and in what ways (read/write/etc..)? This configuration could work
dynamically and popped up when non-existing directories are trying to be
opened during the execution of the plug-in.
Any file system "object" which is too liberal in its standard form can
be "stacked by"/"inherited to" a new restricted/augmented/modified
version. A selection of these can be provided with the plug-in,
programmed by the user, or done by a third party, maybe mounted from
elsewhere in the network.
next reply other threads:[~2001-06-15 12:26 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-06-15 12:26 rog [this message]
-- strict thread matches above, loose matches on Subject: below --
2001-06-30 4:55 David Gordon Hogan
2001-06-20 13:57 anothy
2001-06-20 12:01 Anssi Porttikivi
2001-06-20 12:08 ` Matt
2001-06-19 18:30 erik quanstrom
2001-06-19 17:12 anothy
2001-06-29 21:57 ` Boyd Roberts
2001-06-29 22:12 ` Matt
2001-06-29 22:30 ` Boyd Roberts
2001-06-29 22:48 ` Matt
2001-06-29 23:22 ` Boyd Roberts
2001-06-19 14:02 Anssi Porttikivi
2001-06-18 15:32 anothy
2001-06-18 14:53 Anssi Porttikivi
2001-06-15 11:47 Anssi Porttikivi
2001-06-17 15:08 ` Matt
2001-06-19 10:44 ` Rome Huang
2001-06-21 16:46 ` Rome Huang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010615121808.9F1A119A1D@mail.cse.psu.edu \
--to=rog@vitanuova.com \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).