What Use is a Confined User Shell?

By Alan Griffiths

A user shell is the way in which a user interacts with a computer system. It is the path by which input from keyboards, mice, touchscreens, etc. reaches the system and its applications, and the path by which output reaches the screen. A shell is responsible for launching applications, routing input to the focussed application and compositing the output from the visible applications onto the display.

Confinement is a way of restricting the capabilities of a program to specific devices, parts of the filesystem and other features of the system. An "unconfined" program can access anything that the user running it has permission to access. So, for example, it could read any of the user's files and copy them to the internet. Confinement is of increasing importance in computing as the basis for trust between the developer of a program and its user becomes increasingly tenuous.

Drawing on experience of adapting graphical shells and other applications to "confined" execution, we examine what is needed to securely run untrusted applications on a computer.
