On Thu, 2005-10-13 at 00:41 +0200, Alfred M. Szmidt wrote:
> If you can put a random program in a chroot, you will _always_ find a
> way to break out of it. And it is simply not worth fixing it.
You have said words to this effect a couple of times now. Your position seems to be that security has to be "good enough", but not very good. In the end, the problem with this is that there are guys in eastern Russia right now earning $1M/week to crack your machine. There is a reasonable limit to the appropriate effort on security, but I need to show you our web server logs. My lab gets 100 penetration attempts a minute on a *slow* day.

I'm particularly puzzled by what you said above, though. Wouldn't running a browser applet qualify as running random code inside a jail? And isn't the whole point of a jail to run hostile code safely?

I'm obviously not connecting the points in your argument. I do not expect that we will agree on the right answer, but I would at least like to understand your position and rationale.

shap
