
Sandboxing...

Posted: 12 Jan 2016, 04:27
by fullmoonremix
Salutations... :good:

I decided to expand this post from "Derivatives" to a full-blown thread... :unknown:
Can you perhaps give me a real life scenario I can get my head around?
@brokenman... I revised my previous post. :wink:
Consider this real world example... OpenSSL has well documented exploits (because it's... "compromised by design?").
So this begs the question... if you reboot (w/ fresh mode) a compromised binary don't those compromises also reboot?

However... if sandboxed with patches and/or nanokernels the exploits can be eliminated and/or contained.
And any errors introduced by inferior and/or malicious code will NOT destabilize/crash the system (hence... "fault tolerance").
http://forum.porteus.org/viewtopic.php? ... ned#p40847

Once again... (as previously indicated) Hardened Gentoo... Minix and AlpineLinux (Arch) use this approach.
Security-focused operating system
Address space layout randomization: Linux

Best Regards... :beer:

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service

Re: Sandboxing...

Posted: 20 May 2016, 07:17
by Evan
<removed>

Re: Sandboxing...

Posted: 20 May 2016, 11:37
by fullmoonremix
Salutations... :good:

Overhead is a nominal issue. :unknown: In a security onion... it's all about the layers because there is no panacea. So the more... the merrier.

"Best Regards"... :beer:


Re: Sandboxing...

Posted: 22 May 2016, 00:50
by brokenman
Once again... (as previously indicated) Hardened Gentoo... Minix and AlpineLinux (Arch) use this approach.
Care to explain exactly how hardened gentoo uses these concepts?

Re: Sandboxing...

Posted: 22 May 2016, 01:17
by fullmoonremix
Salutations... :good:

When I speak of "sandboxing" my intended meaning is in the general sense.
Be it chroot... containers... MAC... VM... or anything else. Basically ANYTHING that restricts access.

Short version... :Search:
Hardened Gentoo uses PaX / Grsecurity (and more). Kernel hardening is all about Fault tolerance and Principle of least privilege.
(eg...your "zombied" USB flash drive controller should NOT be able to flash system firmware and if it tries it should NOT crash the system)

"Best Regards"... :beer:
