On Sun, 2005-03-20 at 22:02 -0500, Colin Walters wrote: > On Sun, 2005-03-20 at 18:47 -0500, Gregory Maxwell wrote: > > On Sun, 20 Mar 2005 23:29:12 +0000, Mike Hearn <mike@xxxxxxx> wrote: > > > Right. Actually I have a prototype SELinux "quarantine zone" policy file > > > open in emacs right now. I've been writing a packaging/installer system > > > for a while and the spyware question is common enough to be in the FAQ: > > > > What would be neat is for somone to make a version of GLIBC that can > > live inside a seccomp jail, a little loader that can prelink an > > executable with that glibc and put it in the jail, and an interface > > that lets you "yes / no" syscalls. :) > > Prompting the user for access control decisions at the level of system > calls is not useful unless your target audience is solely "Linux kernel > developer"; i.e. .01% of Fedora users at best. Even at a much higher > level you have to assume that if you prompt for this kind of stuff, 50% > of the time they're going to get it wrong. I think you mean 99.9% ;-) Havoc
