ɗℯʃƕρʋ
@yojimbo @yarmo I've heard somewhere that originally UNIX was not supposed to have the open() call exposed to user applications -- you could only manipulate the files you got as stdin, stdout and stderr. Then you could add an open() call that required user interaction to select the file -- handled by the system, not the program. It would solve a lot of problems. Unfortunately, the UNIX security focused on protecting the mainframe from the students that used it, not them from each other.
CMDR Yojimbosan UTC+(12|13)
@rodolphe @deshipu @yarmo Cool, I hadn't seen SubgraphOS before. My first thought is that it's combining security-from-applications with anonymity-from-the-internet using Tor, and I'd rather concentrate on the app security end. https://github.com/subgraph/oz/wiki/Oz-Technical-Details looks like that piece, I'll enjoy reading about it ...
@deshipu @yarmo Only sort-of ... Qubes has containers for "a task", and IIRC you can add whatever software you like to that task/domain. (not sure what terminology they use, but each domain is basically a VM+OS, not protected apps)