zlacker

1. Touche+(OP) 2014-10-09 04:55:44
I know of no such models. Perhaps someone smarter than me has thought of them; that's why I asked the question initially.
2. SamRei+o1 2014-10-09 05:38:09
>>Touche+(OP)
Sandboxing. It's present on OS X.
3. pjmlp+fd 2014-10-09 11:26:20
>>Touche+(OP)
Sandboxing, where each process is only allowed to use a precise set of system resources.

Any attempt to use anything else leads to termination.

4. Touche+am 2014-10-09 13:42:59
>>pjmlp+fd
Which resources are they allowed to use? What defines which resources they are given?
5. Touche+gm 2014-10-09 13:44:02
>>SamRei+o1
I'm confused. The original person I responded to said that no desktop OSes had good security models. On OSX I can write a script that, when run as a user, has access to everything the user has access to. So what exactly are you talking about?
6. SamRei+mB 2014-10-09 16:02:43
>>Touche+gm
I'm talking about OS X sandboxing. The hypothetical PDF reader doesn't have access to the email.
7. pjmlp+ot1 2014-10-10 06:46:15
>>Touche+am
> Which resources are they allowed to use?

The system administrator at installation time.

> What defines which resources they are given?

Applications just have a request list of what they require.

If the administrator doesn't allow them for the given application modules (executable, dynamic library, function call, ...), bad luck.
