[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A niche for the Hurd - next step: reality check
From: |
Arne Babenhauserheide |
Subject: |
Re: A niche for the Hurd - next step: reality check |
Date: |
Thu, 20 Nov 2008 14:00:16 +0100 |
User-agent: |
KMail/1.10.3 (Linux/2.6.25-gentoo-r7; KDE/4.1.3; x86_64; ; ) |
Am Dienstag 18 November 2008 04:16:04 schrieb olafBuddenhagen@gmx.net:
> Hi,
>
> On Thu, Nov 13, 2008 at 10:13:22PM +0100, Arne Babenhauserheide wrote:
> > Am Donnerstag 13 November 2008 21:13:52 schrieb Michal Suchanek:
> > > The shell would simply assign limited permissions to any process at
> > > startup, and should it want more it would have to ask me through the
> > > shell.
> > >
> > > Of course, some processes would be privileged - for example, a
> > > browser (or better yet a part of a browser) would be set up with
> > > rights to access the internet.
> >
> > Since I don't know enough about the Hurds internals I need to ask: How
> > much work would it be to adapt a shell (and the subhurd code) to do
> > just this?
>
> This is actually more or less what I mean, when talking about using
> subenvironments to confine dangerous applications. So, as I said, this
> should take a couple months of programming work at most.
>
> It is important though to point out that I only intend to confine
> certain applications which are particularily exposed.
Which for example could be done globally by putting a translator on top of the
applications binary which has the effect that whenever someone tries to
execute the application, he instead executes "subdo application".
Or the same but cleaner :)
Can a translator be used to do this without using the shell and "subdo" route?
Best wishes,
Arne
--
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the
history of free software.
-- Ein Würfel System: http://1w6.org - einfach saubere (Rollenspiel-) Regeln.
-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt
signature.asc
Description: This is a digitally signed message part.
- Re: A niche for the Hurd - next step: reality check, (continued)
- Re: A niche for the Hurd - next step: reality check, olafBuddenhagen, 2008/11/24
- Re: A niche for the Hurd - next step: reality check, Michal Suchanek, 2008/11/25
- Re: A niche for the Hurd - next step: reality check, Michal Suchanek, 2008/11/13
- Re: A niche for the Hurd - next step: reality check, Arne Babenhauserheide, 2008/11/13
- Re: A niche for the Hurd - next step: reality check, Michal Suchanek, 2008/11/13
- Re: A niche for the Hurd - next step: reality check, Arne Babenhauserheide, 2008/11/14
- Re: A niche for the Hurd - next step: reality check, Arne Babenhauserheide, 2008/11/14
- Re: A niche for the Hurd - next step: reality check, olafBuddenhagen, 2008/11/19
- Re: A niche for the Hurd - next step: reality check,
Arne Babenhauserheide <=
- Re: A niche for the Hurd - next step: reality check, olafBuddenhagen, 2008/11/24
- Re: A niche for the Hurd - next step: reality check, Arne Babenhauserheide, 2008/11/25
Re: A niche for the Hurd - next step: reality check, olafBuddenhagen, 2008/11/19
Re: A niche for the Hurd - next step: reality check, Esben Stien, 2008/11/18
Re: A niche for the Hurd - next step: reality check, Arne Bab., 2008/11/27