Quoting Kris Marsh <[EMAIL PROTECTED]>:

> On 6/20/07, Chris Rowson <[EMAIL PROTECTED]> wrote:
>> This topic makes me think though.
>>
>> Wouldn't isolating all net-enabled applications in this manner pretty
>> much secure Linux? Why aren't distributions running like this as
>> standard?
>>
>> Chris
>>
>> --
>> ubuntu-uk@lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
>> https://wiki.kubuntu.org/UKTeam/
>>
>
> Security vs Usability.
>
> If you run your browser under a separate user you won't, for example,
> be able to save files to your home directory.
>
> In principle though, yes, it would be nice if each app that faces an
> untrusted network was in its own separate user space or jail.
OK then, why not something like this:

1) App is installed into its own jail.
2) A link is set up from given directories in each app's jail to /downloads, which is read-only.
3) Any documents downloaded are saved to the dir in the jail, but can be accessed by any user via /downloads and copied from there to a home dir.
4) A cron job runs once a day and cleans out any files that are still in /downloads, for security purposes.

Just a thought,

M.

--
Matthew Macdonald-Wallace
Group Co-Ordinator
Thanet Linux User Group
http://www.thanet.lug.org.uk/
[EMAIL PROTECTED]
GPG KEY: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFEA1BC16
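The four steps above, sketched as a shell script. This is an added illustration, not code from the thread or from anyone in it, and it fills in details the post leaves open as assumptions: each app runs as a dedicated system user named jail-<app> (created by the admin beforehand, not by this script), the jails live under /srv/jails, the shared drop area is /downloads, and "still in /downloads" after a day is taken to mean older than 24 hours. The paths can be overridden through the environment so the layout and the cleanup pass can be tried in a scratch directory without root.

```shell
#!/bin/sh
# Added example of the per-app jail + shared /downloads scheme from the
# thread. Assumed (not stated in the post): app user is jail-<app>,
# jails under /srv/jails, drop area /downloads, purge after 24 hours.
set -eu

JAIL_ROOT="${JAIL_ROOT:-/srv/jails}"
DOWNLOADS="${DOWNLOADS:-/downloads}"
RETAIN_DAYS="${RETAIN_DAYS:-0}"   # find -mtime +0 == modified more than 24h ago

# Steps 1 and 2: create the app's download directory inside its jail and
# publish it under $DOWNLOADS through a symlink. Mode 0755 leaves it
# writable only by its owner (the app user) and read-only for everyone else.
setup_app_jail() {
    app="$1"
    jail="$JAIL_ROOT/$app"
    mkdir -p "$jail/downloads" "$DOWNLOADS"
    chmod 0755 "$jail" "$jail/downloads" "$DOWNLOADS"
    # Ownership can only be handed over as root, and only if the admin has
    # already created the jail-<app> account (this script does not add users).
    if [ "$(id -u)" -eq 0 ] && id "jail-$app" >/dev/null 2>&1; then
        chown "jail-$app" "$jail/downloads"
    fi
    ln -sfn "$jail/downloads" "$DOWNLOADS/$app"
}

# Step 3 needs no code: the data stays inside the jail, and any user reads
# it through $DOWNLOADS/<app>/ and copies it to their own home directory.

# Step 4: the daily cron job. -H dereferences only the symlinks named on
# the command line, so find walks each jail's download directory but never
# removes the links themselves and does not follow links planted inside.
cleanup_downloads() {
    set -- "$DOWNLOADS"/*
    [ -e "$1" ] || return 0            # nothing published yet
    find -H "$@" -type f -mtime +"$RETAIN_DAYS" -print -delete
}

# Start an app as its jail user with HOME pointing into the jail. Needs
# sudo rights for the calling user; not exercised by the checks below.
launch_in_jail() {
    app="$1"; shift
    sudo -u "jail-$app" env HOME="$JAIL_ROOT/$app" "$@"
}

case "${1:-}" in
    setup)   setup_app_jail "$2" ;;
    cleanup) cleanup_downloads ;;      # e.g. called from /etc/cron.daily
    run)     shift; launch_in_jail "$@" ;;
esac
```

Two caveats worth keeping in mind with this layout. A separate uid is not a jail: the app user can still read anything world-readable on the box, and a chroot only helps if something privileged sets it up, since an unprivileged browser cannot chroot itself. And on a 2007-era desktop the jailed app still shares your X display, where any client can read input events meant for other windows, so the uid boundary does not protect what you type into other applications while the jailed one is running.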