Gday John, Good to see another Aussie on the list and contributing some top info :)
I've looked into Plash and I think your suggestion is excellent. I was thinking of a two pronged approach: 1. AppArmor / SELInux or whatever static like central policy to contain deamons, as these services typically have fixed functions and can be locked down in a static way. I note here that Microsoft did this locking down for Vista services, where they went through all the services and implemented a least privileged model. We could exceed Windows by doing least privileged but also protecting it through mandatory access control policies as well. 2. A longer term secondary phase of securing X. Again we find ourselves behind Windows where for Vista the security of their system was made more resilient against shatter attacks with a number of changes to make it far more difficult. Depending on the specifics of how X is secured, sandboxes like Plash could be considered too. I do disagree with you on enabling a firewall by default. What you say is well informed - yes, you can use injection attacks to bypass firewalls. A firewall is a basic level of protection that Windows and OSX use by default. Attacks have to be more sophisticated to circumvent a firewall using injection attacks for example. Regards, Nullack -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss