Sandboxing...

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
fullmoonremix

Sandboxing...

Post#1 by fullmoonremix » 12 Jan 2016, 04:27

Salutations... :good:

I decided to expand this post from "Derivatives" to a full blown thread... :unknown:
Can you perhaps give me a real life scenario I can get my head around?
@brokenman... I revised my previous post. :wink:
Consider this real world example... OpenSSL has well documented exploits (because it's... "compromised by design?").
So this begs the question... if you reboot (w/ fresh mode) a compromised binary don't those compromises also reboot?

However... if sandboxed with patches and/or nanokernels the exploits can be eliminated and/or contained.
And any errors introduced by inferior and/or malicious code will NOT destablize/crash the system (hence... "fault tolerance").
http://forum.porteus.org/viewtopic.php? ... ned#p40847

Once again... (as previously indicated) Hardened Gentoo... Minix and AlpineLinux (Arch) use this approach.
Security-focused operating system
Address space layout randomization: Linux

Best Regards... :beer:

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 20 May 2016, 13:37, edited 1 time in total.

Evan
Shogun
Shogun
Posts: 466
Joined: 11 Apr 2016, 09:00
Distribution: Distribution: *

Re: Sandboxing...

Post#2 by Evan » 20 May 2016, 07:17

<removed>
Last edited by Evan on 24 Jun 2016, 11:31, edited 1 time in total.

fullmoonremix

Re: Sandboxing...

Post#3 by fullmoonremix » 20 May 2016, 11:37

Salutations... :good:

Overhead is a nominal issue. :unknown: In a security onion... it's all about the layers because there is no panacea. So the more... the merrier.

"Best Regards"... :beer:

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service

User avatar
brokenman
Site Admin
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: Sandboxing...

Post#4 by brokenman » 22 May 2016, 00:50

Once again... (as previously indicated) Hardened Gentoo... Minix and AlpineLinux (Arch) use this approach.
Care to explain exactly how hardened gentoo uses these concepts?
How do i become super user?
Wear your underpants on the outside and put on a cape.

fullmoonremix

Re: Sandboxing...

Post#5 by fullmoonremix » 22 May 2016, 01:17

Salutations... :good:

When I speak of "sandboxing" my intended meaning is in the general sense.
Be it chroot... containers... MAC... VM... or anything else. Basically ANYTHING that restricts access.

Short version... :Search:
Hardened Gentoo uses PaX / Grsecurity (and more). Kernel hardening is all about Fault tolerance and Principle of least privilege .
(eg...your "zombied" USB flash drive controller should NOT be able to flash system firmware and if it tries it should NOT crash the system)

"Best Regards"... :beer:

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service

Post Reply