[DotGNU]Re: DotGNU Security System
From: Peter Minten
Subject: [DotGNU]Re: DotGNU Security System
Date: Sun, 05 Jan 2003 18:20:21 +0100
Peter Minten wrote:
>
> Hi folks,
>
> as promised in my 'Fullback webservices' mail, here is an explanation of the
> DotGNU Security System (DSS) idea. DSS is built on the concept that all I/O
> operations of an application have to pass through DotGNU objects. By modifying
> the DotGNU I/O objects we can implement a security layer (for sandboxing and
> stuff like that).
The XML of a config file looks like this (it's not perfect XML, but it should
give you an idea):
<dotgnu:security:config>
  <!-- For which apps is this valid? -->
  <applications>
    <app>
      <name>Hello*</name> <!-- All apps whose name starts with Hello -->
    </app>
    <app>
      <name>*</name> <!-- Any app -->
      <vendor>Foobar</vendor> <!-- From Foobar -->
    </app>
    <app>
      <name>*</name> <!-- Any app -->
      <trustlevel>untrusted</trustlevel> <!-- That we don't trust -->
    </app>
  </applications>
  <!-- Virtual directory structure -->
  <virtualdirs>
    <!-- A root dir is required if vdir is used (no root, no vdirs) -->
    <vdir mount="/" real="/home/peter/DotGNU"/> <!-- A dir -->
    <vfile mount="/foo.texinfo" real="/home/peter/file.texi"/> <!-- A file -->
  </virtualdirs>
  <!-- Permissions -->
  <permissions>
    <!-- Name should be clear, mode is in rwx notation -->
    <dir name="foo" mode="rwx"/>
    <dir name="bar" mode="r"/>
    <file name="fred" mode="r"/>
    <file name="barney" mode="rx"/>
    <!-- Permissions can also be assigned to vdirs and vfiles -->
    <vfile name="/foo.texinfo" mode="rwx"/>
  </permissions>
</dotgnu:security:config>
Note that there are 3 trustlevels: untrusted, halftrusted, trusted. The
trustlevel mainly depends on the trustlevel given by the webservice directory;
it also depends on the trustlevel given by people that you trust. I won't bother
you with an example calculation, but if you know GPG you probably get the idea.
Note that regexps are allowed in any file or dir name.
Note that when the mode of a dir or file is set multiple times, the last time
counts. This can be used to first set all files -r -w -x and then turn the read,
write or execute rights on for specific ones.
Note that a file that is accessible but which is not mentioned gets "rwx".
Note that effective_mode := dss_mode & real_mode, where real_mode is the rights
set of the user (e.g. can the user write to a file?).
Greetings,
Peter
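As an added worked example (not part of Peter's mail or of DotGNU itself), the following Python evaluator applies the permission rules of the mail: rules are tried in document order with regexp names, the last match wins, a file that no rule mentions gets rwx, and effective_mode := dss_mode & real_mode. The config is a constructed sample in the style of the one above, with the root element renamed to <dss> because ElementTree rejects the double-colon root name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample config (root renamed to <dss> for the XML parser).
# Order matters: later rules override earlier ones for the same path.
CONFIG = r"""<dss>
  <permissions>
    <dir name="docs" mode="r"/>
    <file name="docs/.*" mode=""/>          <!-- first: nothing under docs -->
    <file name="docs/README" mode="r"/>     <!-- then: README readable -->
    <file name="docs/.*\.log" mode="rw"/>   <!-- then: logs read/write -->
  </permissions>
</dss>"""

BITS = (("r", 4), ("w", 2), ("x", 1))


def mode_bits(mode):
    """Turn an 'rwx' string into a 3-bit mask (r=4, w=2, x=1)."""
    return sum(bit for ch, bit in BITS if ch in mode)


def bits_mode(bits):
    """Inverse of mode_bits: 6 -> 'rw'."""
    return "".join(ch for ch, bit in BITS if bits & bit)


def dss_mode(config_xml, kind, path):
    """DSS mode for a 'dir' or 'file' path: last matching rule wins,
    and a path no rule mentions keeps the default rwx (7)."""
    root = ET.fromstring(config_xml)
    bits = 7
    for rule in root.find("permissions"):
        if rule.tag != kind:
            continue
        # Names are regexps (per the mail); anchor them with fullmatch.
        if re.fullmatch(rule.get("name"), path):
            bits = mode_bits(rule.get("mode", ""))
    return bits


def effective_mode(config_xml, kind, path, real_mode):
    """effective_mode := dss_mode & real_mode (real_mode = the user's rights)."""
    return bits_mode(dss_mode(config_xml, kind, path) & mode_bits(real_mode))


if __name__ == "__main__":
    for p in ("docs/README", "docs/app.log", "bin/tool"):
        print(p, bits_mode(dss_mode(CONFIG, "file", p)),
              effective_mode(CONFIG, "file", p, "r"))
```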