Re: Add support for shipping extended attributes in debs
Matthew Garrett writes ("Re: Add support for shipping extended attributes in debs"):
> On Fri, May 4, 2018 at 4:12 AM Ian Jackson <ijackson@chiark.greenend.org.uk>
> wrote:
> > Who wants the unapproved binaries to run, and who wants to prevent
> > them from running, and (in each case) why ?
>
> For our case: we don't want binaries of unknown provenance to have access
> to sensitive credentials. Attackers who've compromised user accounts do.
> We're not actually seeking to block execution of unsigned binaries, we just
> want unsigned binaries to run in a less privileged security domain.
Thanks for the explanation, that makes sense.
Ian.
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Reply to: