[cap-talk] Plash: Empowering Security
James A. Donald
jamesd at echeque.com
Sun Apr 6 21:03:22 CDT 2008
Toby Murray wrote:
> Unlike other sandbox approaches, Plash removes the need to specify
> detailed policy information for each application by leveraging the
> information that is already available about the application in the form
> of standard package dependencies and by making smart use of existing
> facilities like the "Open File" dialog to infer security information.
This is the key, and I think it needs more emphasis and explanation.
The key concept that you neglect to emphasize enough is combining
designation with permission. No one bothers to manage permissions until
disaster ensues, and if they have to manage permissions, it is seldom
clear what they should do - or more likely what they should have done to
avoid the disaster which has just happened. Therefore we absolutely
have to attach permission to the coat tails of designation, otherwise
there is absolutely no way permissions are going to be managed correctly.
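The pattern under discussion, a trusted "Open File" dialog (a powerbox) that hands the confined program an already-opened file so that the act of designating a file is also the act of granting access to it, as an added Python sketch. This is not part of the original message and not Plash's own code; the names Powerbox, FileCap and SandboxedApp, and the callback that stands in for the real dialog, are invented for illustration.

```python
"""Designation carrying permission: a toy powerbox.

Added example, not Plash's code.  The sandboxed app holds no ambient
filesystem authority and cannot name a path at all; it can only ask the
powerbox to put a file dialog in front of the user.  Whatever the user
designates comes back as an open, read-only handle.  The handle is both
the designation ("this file") and the permission ("you may read it"), so
no separate policy is written or consulted.
"""
import os
import tempfile
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class FileCap:
    """Capability to one already-opened, read-only file.

    It carries a display name and a file object, nothing the holder can turn
    back into a path or widen into write, rename or directory access.
    """
    name: str
    _f: object = field(repr=False)

    def read(self) -> bytes:
        self._f.seek(0)
        return self._f.read()

    def close(self) -> None:
        self._f.close()


class Powerbox:
    """Trusted component that runs the file dialog on the app's behalf.

    `chooser` stands in for the real dialog: given the prompt, it returns the
    absolute path the user picked, or None if the user cancelled.  The app
    never sees that path.
    """

    def __init__(self, chooser: Callable[[str], Optional[str]]) -> None:
        self._chooser = chooser
        self.audit: List[str] = []  # every designation that was granted

    def request_file(self, prompt: str) -> Optional[FileCap]:
        # Deliberately no path parameter: the app may ask, only the user
        # designates.  An app that wants /etc/passwd has no way to say so.
        path = self._chooser(prompt)
        if path is None:
            return None
        # Permission is exactly as wide as the designation: read access to
        # this one file.  (A real powerbox would also worry about symlinks,
        # O_NOFOLLOW, and re-checking the chosen path against its roots.)
        fd = os.open(path, os.O_RDONLY)
        self.audit.append(path)
        return FileCap(name=os.path.basename(path), _f=os.fdopen(fd, "rb"))


class SandboxedApp:
    """The confined program.  Its only authority is the Powerbox reference."""

    def __init__(self, powerbox: Powerbox) -> None:
        self._pb = powerbox

    def word_count(self) -> Optional[int]:
        cap = self._pb.request_file("Choose a text file to count")
        if cap is None:  # user cancelled: no file, no authority, no crash
            return None
        try:
            return len(cap.read().split())
        finally:
            cap.close()


def demo() -> Dict[str, object]:
    """Run the app against two constructed files with a simulated user."""
    tmpdir = tempfile.mkdtemp()
    secret = os.path.join(tmpdir, "secret.txt")  # constructed sample data
    notes = os.path.join(tmpdir, "notes.txt")
    with open(secret, "w") as f:
        f.write("do not leak")
    with open(notes, "w") as f:
        f.write("one two three four")

    # Simulated user: picks notes.txt at the first prompt, cancels the second.
    picks = iter([notes, None])
    pb = Powerbox(chooser=lambda prompt: next(picks))
    app = SandboxedApp(pb)
    first = app.word_count()
    second = app.word_count()
    # secret.txt was never designated, so it was never opened: the audit
    # trail is the complete list of what the app could touch.
    return {"count": first, "cancelled": second, "audit": list(pb.audit)}


if __name__ == "__main__":
    print(demo())
```

The point of the shape is that `request_file` takes a prompt and not a path: the only way for the program to reach a file is for the user to pick it, and the only thing the program receives is a handle no wider than that pick. Replacing the callback with a real GUI dialog changes nothing about the authority the app ends up holding.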