Sandboxing...
Posted: 12 Jan 2016, 04:27
Salutations...
I decided to expand this post from "Derivatives" to a full blown thread...
Once again... (as previously indicated) Hardened Gentoo... Minix and AlpineLinux (Arch) use this approach.
Security-focused operating system
Address space layout randomization: Linux
Best Regards...
Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service
I decided to expand this post from "Derivatives" to a full blown thread...
@brokenman... I revised my previous post.Can you perhaps give me a real life scenario I can get my head around?
http://forum.porteus.org/viewtopic.php? ... ned#p40847Consider this real world example... OpenSSL has well documented exploits (because it's... "compromised by design?").
So this begs the question... if you reboot (w/ fresh mode) a compromised binary don't those compromises also reboot?
However... if sandboxed with patches and/or nanokernels the exploits can be eliminated and/or contained.
And any errors introduced by inferior and/or malicious code will NOT destablize/crash the system (hence... "fault tolerance").
Once again... (as previously indicated) Hardened Gentoo... Minix and AlpineLinux (Arch) use this approach.
Security-focused operating system
Address space layout randomization: Linux
Best Regards...
Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service