Sunday, March 31, 2024
Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps
If I'm explaining security or lack of security, or saying things like "this is not enough", it's not as part of a speech that's meant to whine. I'll explain: I could've just asked, in my first message, whether OpenBSD has a mechanism like Ctrl-Alt-Delete on Windows, and whether it has sandboxing for desktop apps, without explaining the rationale of having such security features. Then, someone could've come and tell me that these security features aren't necessary, or that I'm focusing on a minor security aspect. I wanted an informed discussion, so I was explaining the rationale behind these to make readers understand why I was asking about them. Furthermore, in my recent message about the faking of a doas/sudo prompt and User Account Control (UAC) on Windows, there was a part where I said that the sandboxing that OpenBSD provides for certain apps "[that alone] is not enough"; I said that in the context of explaining the security that UAC provides on Windows compared to what there seems to be with the default installation of OpenBSD, notice the rest of the message and how that comment of mine was in parantheses. It may sound like I'm completely knowledgeable about OpenBSD, but I'm not. I understand certain generally-applying concepts, but I don't know if, for example, there's a sysctl(2) or something that can optionally toggle into that. (As an example, until recently, I didn't know there was an optional sysctl(2) that can enable extra hardening for malloc.) I hope this clears up why I'm writing things the way I do.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment