On 10/25/2011 01:08 AM, Michal Suchanek wrote:
> On 25 October 2011 00:53, Christian Pedaschus <chris / s-4-u.net> wrote:
>> On 10/25/2011 12:30 AM, Jorge Bo wrote:
>>> Hi Chris, thanks for your answer
>>>
>>> Honestly, I'm just evaluating different approaches. I'm finding very
>>> interesting the Ruby metaprogramming model, I posted a crazy idea in a
>>> previous message yesterday, that was crossing my mind, but it seems to be
>>> impossible to achieve. But it could serve as a starting point.
>> I've read your proposal, and it immediately reminded me of OpenBSD's
>> securelevel(7). Wouldn't OpenBSD count as an example, where a
>> potentially unsafe system is booted, and secured after it has booted? Doesn't
>> it all depend on the kernel/interpreter?
>>
>> Compare:
>>  http://www.openbsd.org/cgi-bin/man.cgi?query=securelevel&sektion=7
>> With:
>>  http://www.rubycentral.com/pickaxe/taint.html
>>
>> For me, it sounds quite comparable, 'same old procedure', and the same
>> result: "start an untrusted system and secure it afterwards..."
>>
>> Or am I missing something? (right now, that's quite possible *lol*)
> Yes, there are some things that you are missing.
>
> While the OpenBSD secure levels aren't a very good security mechanism,
> you missed a few important points.
>
> 1) You boot a trusted system, not an untrusted one. Booting an untrusted
> system is quite pointless.
>
> 2) You enter a higher secure level before allowing access from the
> outside. The securing is pre-emptive, not reactive as in the proposal.
>
> Thanks
>
> Michal
>
Sounds reasonable, gonna check it out.
Thanks,

Chris