zlacker

1. vidarh+(OP)[view] [source] 2014-10-08 23:19:20
That's nonsense. It doesn't automatically help security.

But compartmentalization does mean that barring a hypervisor exploit, each exploit can potentially be prevented from affecting more than a small part of the system.

I care a whole lot less if Chrome is exploited if it can't access my ssh keys, for example (not that I wouldn't still care, but the potential damage would be limited).

replies(1): >>mrotte+a
2. mrotte+a[view] [source] 2014-10-08 23:21:37
>>vidarh+(OP)
Why don't you just use different user accounts and permissions? That way you don't have to trust extra code and can achieve the same goal.

Edit: But the way you talk to me, obviously I must be stupid.

replies(1): >>csirac+48
3. csirac+48[view] [source] [discussion] 2014-10-09 02:04:54
>>mrotte+a
I'd say the reasoning is that you then have to trust there are no privesc/bypass opportunities in your environment. Trusting that all your dbus/pulseaudio/network-manager/cups/fuse/display manager & friends aren't going to give your rogue chrome process on one account some kind of access to another (thanks to X11/XDMCP, they'll at least have keylogging) - that's a big surface area, as in: space is big. Really big. You just won't believe how vastly, hugely, mind-bogglingly big it is.

Compared to the few hundred lines in the hypervisor providing VM-level isolation you'd be a bit mad to say that these are equivalent means of isolation.
