Secure RPC wouldn't hurt either. Alexey Kuznetsov implemented it,
and it is available (along with several other interesting patches)
from ftp.inr.ac.ru. We may have a problem because it needs DES,
but then our standard libc already contains DES code so most Linux
distributors are already "international arms dealers" anyway :-).

More ideas for the wishlist - first the easy ones:
- handle the SAK and Ctrl-Alt-Del in raw mode (there is a small
patch for this available somewhere I think).
- allow processes run by normal users to lock a page or two
(subject to RLIMIT_MEMLOCK) so that sensitive data won't end
up in swap space. Currently only the superuser can do that
(still subject to the resource limit).
- new system call to get the state of the process "dumpable"
flag (for use by ld.so instead of geteuid() == getuid()) so
unreadable programs are truly unreadable (no LD_PRELOAD).
- new /proc mount option to prevent users from seeing processes
not owned by them. Some paranoid systems (SCO) have this.

Now something harder:
- the ext2 filesystem is quite good at recovering from crashes,
but it could be made even better (and probably only slightly
slower) by always syncing dirty buffers to disk in the right
order. For example, write data blocks, then indirect blocks
pointing to them, then inode blocks pointing to the data or
indirect blocks. This way the filesystem on disk would stay
consistent all the time.

Hey, this is starting to look more like the 2.4/3.0 wishlist :-).

Marek
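Two of the wishlist items above (unprivileged mlock() bounded by RLIMIT_MEMLOCK, and a way to query the process "dumpable" flag) are what later Linux kernels ended up providing, so here is an added example, not code from the message or from any of the patches it mentions, that shows how a program uses them defensively: it checks the lock request against the soft RLIMIT_MEMLOCK before asking, pins a secret buffer so it cannot be paged to swap, clears the dumpable flag with prctl(PR_SET_DUMPABLE) so a core dump or unprivileged ptrace cannot expose the buffer, and wipes the pages before freeing them. It assumes Linux with glibc; the sample key bytes are constructed for the demonstration.

```c
/* Added example (not from the original message): keep a secret buffer out of
 * swap with mlock(), bounded by RLIMIT_MEMLOCK, and mark the process
 * non-dumpable so a core dump cannot leak it either. Assumes Linux + glibc. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <unistd.h>

/* Round a byte count up to whole pages; mlock() accounts in pages. */
size_t round_to_pages(size_t n)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    return (n + pg - 1) / pg * pg;
}

/* 1 if locking n bytes would stay within the soft RLIMIT_MEMLOCK, else 0.
 * Checking first gives a clear diagnostic instead of a surprise ENOMEM. */
int within_memlock_limit(size_t n)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return 0;
    if (rl.rlim_cur == RLIM_INFINITY)
        return 1;
    return round_to_pages(n) <= (size_t)rl.rlim_cur;
}

/* Allocate page-aligned storage for n secret bytes and try to pin it in RAM.
 * *locked is 1 on success; otherwise it is 0 and *err holds errno (ENOMEM
 * when RLIMIT_MEMLOCK is exhausted, EPERM when locking is not permitted). */
void *secret_alloc(size_t n, int *locked, int *err)
{
    size_t len = round_to_pages(n);
    void *p = NULL;
    *locked = 0;
    *err = 0;
    if (posix_memalign(&p, (size_t)sysconf(_SC_PAGESIZE), len) != 0)
        return NULL;
    memset(p, 0, len);
    if (mlock(p, len) == 0)
        *locked = 1;
    else
        *err = errno;
    return p;
}

/* Overwrite the secret before the pages go back to the allocator. Writing
 * through a volatile pointer keeps the compiler from optimising the wipe away. */
void secret_free(void *p, size_t n, int locked)
{
    size_t len = round_to_pages(n);
    volatile unsigned char *v = (volatile unsigned char *)p;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    if (locked)
        munlock(p, len);
    free(p);
}

/* Clear the dumpable flag: no core dump, and unprivileged ptrace is refused.
 * Returns 0 on success, -1 with errno set otherwise. */
int disable_core_dumps(void)
{
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* Current dumpable flag: 0 = not dumpable, 1 = dumpable (2 = root-only dumps). */
int is_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

int main(void)
{
    int locked, err;
    size_t n = 32;
    printf("%zu bytes within RLIMIT_MEMLOCK: %s\n", n,
           within_memlock_limit(n) ? "yes" : "no");
    unsigned char *key = secret_alloc(n, &locked, &err);
    if (!key)
        return 1;
    /* constructed sample bytes, not real key material */
    memcpy(key, "constructed-sample-key-material", 31);
    printf("mlock: %s\n", locked ? "locked in RAM" : strerror(err));
    if (disable_core_dumps() == 0)
        printf("dumpable flag now %d\n", is_dumpable());
    secret_free(key, n, locked);
    return 0;
}
```

Even when mlock() fails (the limit in the message's wishlist is exactly what makes it fail for an unprivileged user), the program still wipes the buffer and still drops the dumpable flag, so the two protections degrade independently rather than together.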