[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A niche for the Hurd - next step: reality check
From: |
olafBuddenhagen |
Subject: |
Re: A niche for the Hurd - next step: reality check |
Date: |
Tue, 18 Nov 2008 04:16:04 +0100 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
Hi,
On Thu, Nov 13, 2008 at 10:13:22PM +0100, Arne Babenhauserheide wrote:
> Am Donnerstag 13 November 2008 21:13:52 schrieb Michal Suchanek:
> > The shell would simply assign limited permissions to any process at
> > startup, and should it want more it would have to ask me through the
> > shell.
> >
> > Of course, some processes would be privileged - for example, a
> > browser (or better yet a part of a browser) would be set up with
> > rights to access the internet.
>
> Since I don't know enough about the Hurds internals I need to ask: How
> much work would it be to adapt a shell (and the subhurd code) to do
> just this?
This is actually more or less what I mean, when talking about using
subenvironments to confine dangerous applications. So, as I said, this
should take a couple months of programming work at most.
It is important though to point out that I only intend to confine
certain applications which are particularily exposed. I do not want to
run each single process on the system in a confined manner. I tend to
believe that the latter would also be possible on top of the existing
Hurd design -- however, it would mean a lot of overhead to run each
single process in some kind of subenvironment. If someone really wants
this level of security, a system like Coyotos, implementing confinement
at the very lowest system level, is most likely indeed a better
choice...
-antrik-
- Re: A niche for the Hurd - next step: reality check, (continued)
- Re: A niche for the Hurd - next step: reality check, olafBuddenhagen, 2008/11/24
- Re: A niche for the Hurd - next step: reality check, Michal Suchanek, 2008/11/25
- Re: A niche for the Hurd - next step: reality check, Michal Suchanek, 2008/11/13
- Re: A niche for the Hurd - next step: reality check, Arne Babenhauserheide, 2008/11/13
- Re: A niche for the Hurd - next step: reality check, Michal Suchanek, 2008/11/13
- Re: A niche for the Hurd - next step: reality check, Arne Babenhauserheide, 2008/11/14
- Re: A niche for the Hurd - next step: reality check, Arne Babenhauserheide, 2008/11/14
- Re: A niche for the Hurd - next step: reality check,
olafBuddenhagen <=
- Re: A niche for the Hurd - next step: reality check, Arne Babenhauserheide, 2008/11/20
- Re: A niche for the Hurd - next step: reality check, olafBuddenhagen, 2008/11/24
- Re: A niche for the Hurd - next step: reality check, Arne Babenhauserheide, 2008/11/25
Re: A niche for the Hurd - next step: reality check, olafBuddenhagen, 2008/11/19
Re: A niche for the Hurd - next step: reality check, Esben Stien, 2008/11/18
Re: A niche for the Hurd - next step: reality check, Arne Bab., 2008/11/27