[cap-talk] Building a bridge: library API's and file descriptors?
Matej Kosik
kosik at fiit.stuba.sk
Wed Feb 4 15:07:25 EST 2009
Rob Meijer wrote:
> The solution seems simple, get the library vendors to extend their API to
> accept file descriptors.
It may be that vendors hope that these efforts:
- SELinux (RedHat)
http://www.redhat.com/f/pdf/sec/WHP001USselinux.pdf
- Code Access Security (Microsoft)
http://www2.computer.org/portal/web/csdl/doi/10.1109/MSP.2008.146
- Android Security (Google)
http://www2.computer.org/portal/web/csdl/doi/10.1109/MSP.2009.26
will work:
- for guarding ourselves from untrusted code
- without sacrificing usability for security.
More information about the cap-talk
mailing list