AntiVirus?
Havoc Pennington
hp at redhat.com
Mon Mar 21 03:39:22 UTC 2005
On Sun, 2005-03-20 at 22:02 -0500, Colin Walters wrote:
> On Sun, 2005-03-20 at 18:47 -0500, Gregory Maxwell wrote:
> > On Sun, 20 Mar 2005 23:29:12 +0000, Mike Hearn <mike at navi.cx> wrote:
> > > Right. Actually I have a prototype SELinux "quarantine zone" policy file
> > > open in emacs right now. I've been writing a packaging/installer system
> > > for a while and the spyware question is common enough to be in the FAQ:
> >
> > What would be neat is for somone to make a version of GLIBC that can
> > live inside a seccomp jail, a little loader that can prelink an
> > executable with that glibc and put it in the jail, and an interface
> > that lets you "yes / no" syscalls. :)
>
> Prompting the user for access control decisions at the level of system
> calls is not useful unless your target audience is solely "Linux kernel
> developer"; i.e. .01% of Fedora users at best. Even at a much higher
> level you have to assume that if you prompt for this kind of stuff, 50%
> of the time they're going to get it wrong.
I think you mean 99.9% ;-)
Havoc
More information about the fedora-devel-list
mailing list