Comments (1)
On 12/10/15, Clemens Gruber [email protected] wrote:
Hi,
what do you think about reducing the attack surface on OS X as well (and not
only on Linux with seccomp) ?There is a "sandbox facility" in OS X:
SANDBOX(7) BSD Miscellaneous Information Manual SANDBOX(7) NAME sandbox -- overview of the sandbox facility SYNOPSIS #include <sandbox.h> DESCRIPTION The sandbox facility allows applications to voluntarily restrict their access to operating system resources. This safety mechanism is intended to limit potential damage in the event that a vulnerability is exploited. It is not a replacement for other operating system access controls. New processes inherit the sandbox of their parent. Restrictions are generally enforced upon acquisition of operating system resources only. For example, if file system writes are restricted, an application will not be able to open(2) a file for writing. However, if the application already has a file descriptor opened for writ- ing, it may use that file descriptor regardless of restrictions. SEE ALSO sandbox-exec(1), sandbox_init(3), sandboxd(8) Mac OS X January 29, 2010 Mac OS X
We could probably also take other ideas and code from Chrome?
https://www.chromium.org/developers/design-documents/sandbox/osx-sandboxing-designWhat do you think? Ideas, suggestions?
I'd very much like to use OS X sandboxing. I don't have a Mac OS X
device that would be useful here. If you want to submit a patch, we
can have someone else help with the review, I'm open to reviewing it
also.
from tlsdate.
Related Issues (20)
- Long options with arguments don't accept arguments HOT 1
- Test for BIG/LITTLE ENDIAN in test-bio.c
- Time
- minor building issues on debian testing HOT 2
- Tlsdate has no installation candidate HOT 2
- Make tlsdate read proxy environment variables if present
- tlsdate fails to build with openssl-1.1 (new API) HOT 1
- TLS 1.3
- tlsdate-0.0.13 fails to compile with libressl-2.5.0 HOT 1
- Help: How can I disable automatic start of tlsdated? HOT 3
- How do I embed tlsdate into a C++ application? Is there any sort of "libtlsdate"?
- Why times are all different? Only "google.com" returns accurate time! HOT 2
- By default tlsdate uses the non-standard 'nogroup' group
- [EXPIRED] Windows binary
- Last commit 2015, is this project dead? HOT 11
- compile error on raspberrypi HOT 1
- Compile error
- Make error in ubuntu 18.04 HOT 1
- where to find tlsdate servers? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tlsdate.