[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: subhurds etc.
|
From: |
olafBuddenhagen |
|
Subject: |
Re: subhurds etc. |
|
Date: |
Wed, 4 Nov 2009 07:19:46 +0100 |
|
User-agent: |
Mutt/1.5.19 (2009-01-05) |
Hi,
On Wed, Oct 28, 2009 at 04:39:38PM +0100, Arne Babenhauserheide wrote:
> Am Montag, 26. Oktober 2009 07:22:28 schrieb olafBuddenhagen@gmx.net:
> > I have some vague ideas how such partial subhurds could be used; but
> > not really much of an idea how such a setup would look like
> > exactly... Probably needs some very concrete use case(s) to work
> > from.
>
> Can you think of some?
The only *specific* things I can think of, are broader features: like
subusers, or running dangerous application in a restricted environment
(probably building on subusers); everything else I can think of is
vague. Perhaps running individual applications with a different network
stack, could also be counted as partial subhurds -- but I'm not sure
this can be considered very specific either...
I could probably come up with more specific use cases if I ever actually
start writing hurdish applications...
> How would I go for starting a virus which only gets a bogus
> environment?
Well, for this kind of sandboxing, I'd probably actually prefer a full
subhurd... After all, we don't want to restrict the virus in what it
*thinks* it can do :-) A restricted subenvironment would make the
restrictions pretty visible.
-antrik-