From ee66da41f53e1d23ff83cbca93fc10e8eee34945 Mon Sep 17 00:00:00 2001 From: "Kartik K. Agaram" Date: Sat, 25 Dec 2021 14:36:56 -0800 Subject: sandbox: new scenario --- sandboxing/README.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sandboxing') diff --git a/sandboxing/README.md b/sandboxing/README.md index ab3adf3..f73059c 100644 --- a/sandboxing/README.md +++ b/sandboxing/README.md @@ -44,6 +44,10 @@ Scenarios: allows an app to do anything. Educate people to separate apps that read sensitive data from apps that access remote servers. - (2) solution: map phases within an app to distinct permission sets + * app A legitimately needs to read sensitive data. It saves a copy to file + X. app B seems to legitimately needs to access the network, but also + asks to read file X. If the owner forgets who wrote file X and what it + contains, sensitive data could be exfiltrated. * (3) app wants access to system() or exec() or popen() Difficulty levels -- cgit 1.4.1-2-gfad0