At 12:50 31/05/2002 +0200, Bjoern Fischer wrote:
>systrace is not for sandboxing users but for sandboxing untrusted
>binaries. Such as netscape for example. Of course you never would
>run netscape as root. But you may even consider your "normal" user
>privileges as too powerful (reading PGP-Keys, tampering .rhosts or
>xauth, deleting your reports).

I think even more useful than sandboxing netscape would be sandboxing netscape (or other application) plugins. I'd certainly be much more willing to download and run the foo-reader plugin from 31337 enterprises if I knew that it would be unable to make any system calls beyond those necessary to interface with the owning application.

Colin Percival