Re: suidpid( UID, credential? ) ? secure IPC?

Jim Dennis (jimd@starshine.org)
Tue, 07 Oct 1997 16:14:11 -0700



> Jim Dennis writes:
>> The more I think about it the more I see why KeyKOS, EROS,
>> Hydra and other "research" OS' espouse "capabilities."
>> I just wonder how a "capabilities" subsystem could be
>> implemented in Linux -- with some hope of applications
>> transparency.
>
> So why not join the linux-privs list that has been announced several
> times on this list? (Ted started the list; he's not unaware of
> capabilities... :-) They are working on an implementation of POSIX.1e
> capabilities for Linux.

I might do that. Of course I hesitate to join more
ML's -- I'd been thinking of joining this one for years
and finally "bit the bullet" for this article.

Is there a publicly accessible news (NNTP) server where
I could periodically point a copy of 'suck'? One that
would carry the gateways for the various Linux ML's?

(In my consulting, writing, and as "that answer guy"
at Linux Gazette, I frequently need to research strange
and exciting new Linux stuff. Unfortunately Yahoo!,
Alta-Vista, and Deja News sometimes fail me.)

Re: Ted

I'm aware of his interest in POSIX.1e. We discussed it at
the San Jose IETF workshop and a bit more at the Anaheim
USENIX.

I'm actually interested in a more generalized capabilities
system. I'd like a user program to be able to do things
like generate a "capability" (a token) which grants a specific
form of access to a resource (usually a file, I'd imagine)
and pass that onto other programs which could then get
*just* that access to *just that resource*. By allowing one
"token" to grant access to another token you might implement
"revocable" capabilities (issue the indirect token -- to
revoke the access to the original resource simply destroy
the direct one).

I deliberately left my thoughts on that off of this list
before because I think this would be best done as a
subsystem outside of kernel space. (The problem being that
the security benefits would only apply to programs
running within that subsystem).

Ideally I'd like to see a system where a user could create
a "role" and configure programs to be limited to the
resources allowed by that "role." I think that I shouldn't
*have* to trust a game with my e-mail archives, or my
mail reader with my checkbooks, or my procmail auto-responder
with anything other than incoming e-mail, its log, and one or
two directories of auto-response documents.

This goes *way* beyond your Java style VM/sandbox. The
problem with a Java sandbox is that you can't do anything
other than "play" in it. I want something more like
jail cells (and don't even mention chroot() for that).

In the long run I realize that this goal is not Unix or
Linux -- and not related to the kernel. I also realize that
this would probably require that most programs be "ported"
to the subsystem, and I'm willing to accept that this may
lead to much lower performance. (Luckily it will be so long
before anyone implements this that Moore's law will compensate).

Finally I realize that I'm not sufficiently experienced, or
educated -- and possibly just not smart enough -- to do this
concept justice. Certain things (like editors and shells)
are applied by users to virtually all resources to which they
have access. The thought of "porting" emacs to this sort
of environment is truly frightening.

> See
> http://parc.power.net/morgan/Orange-Linux/linux-privs/sampler/index.html
> for more information.

Been there, read that.
(Will go again -- to see updates and to see what I missed
last time).

> michaelkjohnson
>
> "Magazines all too frequently lead to books and should be regarded by the
> prudent as the heavy petting of literature." -- Fran Lebowitz

Yes -- I've been courting that very notion, myself.

--
Jim Dennis  (800) 938-4078		consulting@starshine.org
Proprietor, Starshine Technical Services:  http://www.starshine.org
        PGP  1024/2ABF03B1 Jim Dennis <jim@starshine.org>
        Key fingerprint =  2524E3FEF0922A84  A27BDEDB38EBB95A
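The token scheme sketched in the message above (a capability that names just one resource with just one set of rights, handed to another program through an indirect token so that destroying the token it points at revokes every holder of the indirect one) and the "role" idea of giving a procmail auto-responder access to its inbox and nothing else, worked through as an added example. This is not code from the message or from any Linux capabilities project; the CapabilityStore class, the random token handles and the temporary file it operates on are all constructed here for illustration.

```python
"""Hypothetical user-space capability registry (added example, not from the message).

A token is an unforgeable random handle naming (path, rights).  An indirect
token names another token instead of a resource, so revoking the token it
points at silently revokes every token chained through it.
"""
import os
import secrets
import tempfile

READ, WRITE = "read", "write"


class CapabilityStore:
    def __init__(self):
        # token -> ("direct", path, rights) or ("indirect", parent_token, rights_mask)
        self._caps = {}

    def grant(self, path, rights):
        """Mint a direct capability for `path` carrying exactly `rights`."""
        token = secrets.token_hex(16)
        self._caps[token] = ("direct", path, frozenset(rights))
        return token

    def delegate(self, token, rights=None):
        """Mint an indirect token that refers to `token`.

        `rights`, if given, attenuates: the holder gets at most that subset,
        never more than the parent allows.  Because the new token only points
        at `token`, revoking `token` kills the delegated one too.
        """
        if token not in self._caps:
            raise PermissionError("cannot delegate an unknown or revoked capability")
        new = secrets.token_hex(16)
        mask = None if rights is None else frozenset(rights)
        self._caps[new] = ("indirect", token, mask)
        return new

    def revoke(self, token):
        """Destroy a token.  Every token chained through it becomes useless."""
        self._caps.pop(token, None)

    def resolve(self, token):
        """Follow the indirection chain.  Return (path, effective_rights) or None."""
        rights = None
        seen = set()
        while token in self._caps and token not in seen:
            seen.add(token)
            entry = self._caps[token]
            if entry[0] == "direct":
                _, path, base = entry
                return path, (base if rights is None else rights & base)
            _, token, mask = entry
            if mask is not None:
                rights = mask if rights is None else rights & mask
        return None  # unknown, revoked somewhere in the chain, or cyclic

    def open_resource(self, token, mode):
        """Open the named resource with `mode` ('r' or 'w') if the token allows it."""
        resolved = self.resolve(token)
        if resolved is None:
            raise PermissionError("unknown or revoked capability")
        path, rights = resolved
        needed = READ if mode == "r" else WRITE
        if needed not in rights:
            raise PermissionError(f"capability lacks {needed} on {path}")
        return open(path, mode)


def demo():
    """Grant -> delegate (read only) -> revoke, on a constructed temporary file."""
    store = CapabilityStore()
    fd, path = tempfile.mkstemp()          # constructed sample "inbox"
    os.write(fd, b"incoming mail\n")
    os.close(fd)
    try:
        results = {}
        owner = store.grant(path, [READ, WRITE])       # the user's own capability
        responder = store.delegate(owner, [READ])       # auto-responder: read only
        with store.open_resource(responder, "r") as f:
            results["responder_reads"] = f.read()
        try:
            store.open_resource(responder, "w")
            results["responder_writes"] = True
        except PermissionError:
            results["responder_writes"] = False
        # Revoking a delegate does not touch the capability it was derived from.
        other = store.delegate(owner, [READ])
        store.revoke(other)
        results["owner_survives_delegate_revoke"] = store.resolve(owner) is not None
        # Revoking the original cuts off every token that pointed at it.
        store.revoke(owner)
        results["owner_after_revoke"] = store.resolve(owner)
        results["responder_after_revoke"] = store.resolve(responder)
        return results
    finally:
        os.unlink(path)
```

Nothing here stops a program that already holds a raw path from calling open() itself; as the message says, the benefit only covers programs that go through the subsystem, which is why every access in the demo goes through open_resource().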