[haiku-development] Re: Security

  • From: Jigzat <insecsite@xxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Mon, 01 Sep 2014 10:18:21 -0500

> On 1/09/2014, at 10:16, Jigzat <insecsite@xxxxxx> wrote:
> 
> I’m no security expert, but is a multi-user system more secure than a 
> single-user one? How about system-wide encryption, or at least core components 
> encryption during installation based on the user password and a USB recovery 
> mechanism?
> 
>> On 1/09/2014, at 10:06, Augustin Cavalier <waddlesplash@xxxxxxxxx 
>> <mailto:waddlesplash@xxxxxxxxx>> wrote:
>> 
>> On Mon, Sep 1, 2014 at 10:21 AM, Wayne Peter Corwin 
>> <wayne.peter.corwin@xxxxxxxxxxxxxxxx 
>> <mailto:wayne.peter.corwin@xxxxxxxxxxxxxxxx>> wrote:
>> Well okay, so if we take away the multiuser part, what security work has 
>> been done? Or do I understand correctly that Haiku per now doesn't offer any 
>> kind of security?
>> 
>> Not true. We use Coverity for code scanning and fix security issues that 
>> way, we try hard to stay on the latest OpenSSL (and hopefully soon we'll be 
>> on LibreSSL), we have DEP and ASLR implemented (for x86(_64) at least), and 
>> system folders are read-only (you can only change them by mounting 
>> packages). ATM there is no privilege separation, but implementing that would 
>> be quite a lot of work and I don't know who has the time for that... 
>> However, the kernel does support users with passwords (and SSHD can use 
>> that), it's only the GUI apps that don't do anything with it IIRC.
>> 
>> If you notice any ways that someone can take control of the system without a 
>> user running an application deliberately, let us know :)
>> 
>> -Augustin
>> 
> 


Sorry for the top posting, I totally forgot about it.
