Re: PolicyKit and malware, was: What I HATE about F11

On Tue, Jun 23, 2009 at 12:34:17PM -0400, David Zeuthen wrote:
>  1. The person in front of the system really is the logged-in user
>     and authorizes an action
[..]
> An example where 1. is useful includes, funny enough, a last guard
> against having malware dial 1-900 numbers in other countries at $50 per
> hour - e.g. NetworkManager should only allow connections previously
> marked as trusted to use the modem to dial out.

This would be better solved by confining code to performing particular
actions depending on its origin.  Just because some code/malware
happens to be running under your UID doesn't mean it should be able to
do everything.  It ought to be limited by the provenance of the code.

As a simple example: _NO_ code that comes from some random website
should dial out to _any_ number.

I'm assuming that this is something SELinux can either do now, or else
the SELinux developers are thinking about it ('coz I know from
personal experience that they're smart people).

Rich.

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
