However, you could rig up an LD_PRELOAD shared library to handle 
some useful system calls (open, unlink, etc.) and even go so far 
as to ask for confirmation before doing anything "suspicious" 
(opening files outside current directory, opening network port
to, etc.)  It would still be a pain, but would
provide a potentially useful "sandbox" area in which to run an
application, without compromising the integrity of the system
as a whole.

Elliot Lee wrote:
> > Zak McGregor wrote:
> >
> > >Now, for apps executed in such a way via Nautilus or GMC, perhaps it
> > >would be a good idea to have a sort of chrooted environment for those
> > >files to run in
> Setting up a chroot environment requires root and can be very time
> consuming. The actually chroot() system call also requires root.
> Unfortunately, this makes the idea impractical,
> -- Elliot
> A fool and his money were lucky to get together in the first place.
>         (WC Fields)
> _______________________________________________
> Nautilus-list mailing list

| Eric B. Mitchell         mailto:[EMAIL PROTECTED] |
| tel: (301) 809 - 3534    Altair Aerospace Corporation |
| tel: (800) 7 - ALTAIR    4201 Northview Dr. Suite 410 |
| fax: (301) 805 - 8122    Bowie, MD  20716             |
          /"\  / o=\  /"""---===/
         /   \_/  \__/   ---===/ 
         |    //\   || /""TT""/ //\   || ||""\
         |   //  \  ||    ||   //  \  || ||__/
         |  //--==\ |L--/ ||  //--==\ || || "=,
          \      ---===/

Mc mailing list

Reply via email to