[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Add support for shipping extended attributes in debs

Matthew Garrett writes ("Re: Add support for shipping extended attributes in debs"):
> On Fri, May 4, 2018 at 4:12 AM Ian Jackson <ijackson@chiark.greenend.org.uk>
> wrote:
> > Who wants the unapproved binaries to run, and who wants to prevent
> > them from running, and (in each case) why ?
> 
> For our case: we don't want binaries of unknown provenance to have access
> to sensitive credentials. Attackers who've compromised user accounts do.
> We're not actually seeking to block execution of unsigned binaries, we just
> want unsigned binaries to run in a less privileged security domain.

Thanks for the explanation, that makes sense.

Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Reply to: