[Cryptography] In the latest unexpected ransomware twist ...
Viktor Dukhovni
cryptography at dukhovni.org
Mon Jun 21 20:56:37 EDT 2021
On Mon, Jun 21, 2021 at 10:23:54AM -0700, John-Mark Gurney wrote:
> > FreeBSD has "capsicum":
> >
> > https://www.freebsd.org/cgi/man.cgi?query=cap_enter&sektion=2&n=1
> >
> > but neither unveil() nor cap_enter() is sufficient. If it is possible
> > to download and save files, we also need hard limits on any code
> > executed as a side-effect of opening or running said files.
> > Otherwise, the protections are ultimately still porous.
>
> Well, at least for capsicum, a process that has entered capsicum
> cannot execute another file w/ more permissions than originally
> granted.. and it can further restrict it by closing fd's, etc before
> exec..
>
> Now if you go and run said program outside of a sandbox, etc, well,
> that's you intentionally bypassing the restrictions, and I think most
> people don't want to disallow that..
And yet, disallowing post-sandbox execution of downloaded files is
*exactly* what's needed to protect enterprises from social-engineered
user errors.
Just sandboxing the browser and mail client is not enough. Of course
restricting execution of downloaded content is less convenient, but
security/convenience choose one.
--
Viktor.
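An added example, not from the thread, of the capsicum behaviour John-Mark describes: rights fixed on a descriptor before cap_enter() are all the process keeps afterwards, and any later exec inherits that state. It assumes a FreeBSD host with <sys/capsicum.h> and reports "unsupported" on other systems.

```c
/* Added example (not from the mailing-list thread). Assumes FreeBSD;
 * on other platforms capsicum_demo() returns DEMO_UNSUPPORTED. */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

enum { DEMO_OK = 0, DEMO_FAIL = 1, DEMO_UNSUPPORTED = 2 };

/*
 * Create a scratch file before sandboxing, restrict its descriptor to
 * CAP_READ|CAP_FSTAT, then enter capability mode. Afterwards:
 *   1. opening any path by name fails with ECAPMODE (no global namespace),
 *   2. reading the pre-opened descriptor still works,
 *   3. writing to it fails with ENOTCAPABLE (right was never granted).
 * A program exec'd from here (via fexecve on a pre-opened fd) starts in
 * the same capability mode and can only use descriptors it inherits.
 */
int capsicum_demo(void)
{
#ifndef __FreeBSD__
    return DEMO_UNSUPPORTED;
#else
    char path[] = "/tmp/capdemo.XXXXXX";      /* constructed scratch file */
    int fd = mkstemp(path);                   /* opened O_RDWR */
    if (fd < 0)
        return DEMO_FAIL;
    unlink(path);                             /* by-path ops must happen now */

    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ, CAP_FSTAT);
    if (cap_rights_limit(fd, &rights) < 0 || cap_enter() < 0)
        return DEMO_FAIL;

    if (open(path, O_RDONLY) != -1 || errno != ECAPMODE)   /* 1 */
        return DEMO_FAIL;

    char buf[16];
    if (read(fd, buf, sizeof buf) < 0)                      /* 2 */
        return DEMO_FAIL;

    if (write(fd, "x", 1) != -1 || errno != ENOTCAPABLE)    /* 3 */
        return DEMO_FAIL;

    close(fd);
    return DEMO_OK;
#endif
}
```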