Bill Cheswick wrote: > > One of the things I'd like to see in Linux and Windows is better > sandboxing of user-level programs, like Outlook and the browsers. > There have been a number of approaches proposed over the years, and > numerous papers, but haven't seen anything useful deployed widely > on any of these platforms.
With the introduction of the Linux Security Module into the official Linux kernel the first step has been done. Things like SELinux http://www.nsa.gov/selinux/ already use it to restrict user possibilities on the kernel level. Server applications can also use LSMs features to become more secure (sorry, no example yet). Best regards, Martin Stricker -- Homepage: http://www.martin-stricker.de/ Linux Migration Project: http://www.linux-migration.org/ Red Hat Linux 9 for low memory: http://www.rule-project.org/ Registered Linux user #210635: http://counter.li.org/
