[cap-talk] Building a bridge: library API's and file descriptors?

Matej Kosik kosik at fiit.stuba.sk
Wed Feb 4 15:07:25 EST 2009


Rob Meijer wrote:
> The solution seems simple, get the library vendors to extend their API to
> accept file descriptors.

It may be that vendors hope that these efforts:
- SELinux (RedHat)
  http://www.redhat.com/f/pdf/sec/WHP001USselinux.pdf
- Code Access Security (Microsoft)
  http://www2.computer.org/portal/web/csdl/doi/10.1109/MSP.2008.146
- Android Security (Google)
  http://www2.computer.org/portal/web/csdl/doi/10.1109/MSP.2009.26
will work:
- for guarding ourselves from untrusted code
- without sacrificing usability for security.


More information about the cap-talk mailing list