+1 OSProcess is really important for us. Like a good FFI
Stef On Mar 13, 2011, at 1:11 AM, Igor Stasenko wrote: > On 13 March 2011 00:19, David T. Lewis <le...@mail.msen.com> wrote: >> Hi Igor, >> >> I think it is good to make OSPP (and AioPlugin and XDisplayControlPlugin >> where appropriate) available in all distributed VMs, but in some applications >> they provide too much access to the operating system, so it is good to >> have them as external modules so that people who do not want them on >> the system can delete the modules. So I think it is best to treat it >> like FFI, it is there if you want it but can be removed if you are doing >> some sort of application where the user should not have easy access to >> the OS functions. >> > > Well, i think for making a secure 'appliance' sort of, a better > approach to not rely on > prebuilt VM , but build your own where you can always decide what is > secure enough and what's not, > and should be removed/disabled. > > Btw, we discussed a bit of this today with Henrik, and first thing i > think people should do, in order to make it more secure > is to disable external module loading mechanism. > Declaring that standard VM is more secure if you don't ship it with > _external_ modules (like FFI) sounds like a joke. > > So, what i'd like to ask is, that if everyone feel a day-to-day need > for using things like FFI or OSProcessPlugin > we should make it available by default and out of the box. And for > those, who concerned with low security there is always > an options to improve it, like hiring people to develop a custom VM > based on default one, where all security problems is > addressed properly. > > So, i don't see why we should constrain ourselves with things we use > and need, only because in eyes of someone > it doesn't looks secure enough. > >> Dave >> > > > > -- > Best regards, > Igor Stasenko AKA sig. >
