You have an agent running on your local system. You want it to have access to a restricted set of things, both locally and remote. What is the technical mechanism you use to ensure that it has a subset of the access that you, as an individual logged into the same system, do?

(I am uninterested in "Don't run an agent" because, while yes, I see your point, that doesn't mean it's not happening, and security professionals have to deal with what's happening, not what we want to be happening.)

@mjg59 Isn't that the same question as:

You have malware running on your local system. You want it to have access to a restricted set of things, both locally and remote. What is the technical mechanism you use to ensure that it has a subset of the access that you, as an individual logged into the same system, do?

(I am uninterested in "Don't run malware" because, while yes, I see your point, that doesn't mean it's not happening, and security professionals have to deal with what's happening, not what we want to be happening.)

?

@barubary @mjg59 @zzt Yes, many security professionals do, in fact, have virtual machines on their local system running malware.

@barubary No, because my users are going to run this because they are going to be told to run this, and I have /some/ control over how they run this.