Re: A niche for the Hurd - next step: reality check

[olafBuddenhagen]

Hi,

On Thu, Nov 13, 2008 at 10:13:22PM +0100, Arne Babenhauserheide wrote:
> Am Donnerstag 13 November 2008 21:13:52 schrieb Michal Suchanek:

> > The shell would simply assign limited permissions to any process at
> > startup, and should it want more it would have to ask me through the
> > shell.
> > 
> > Of course, some processes would be privileged - for example, a
> > browser (or better yet a part of a browser)  would be set up with
> > rights to access the internet.
> 
> Since I don't know enough about the Hurds internals I need to ask: How
> much work would it be to adapt a shell (and the subhurd code) to do
> just this? 

This is actually more or less what I mean, when talking about using
subenvironments to confine dangerous applications. So, as I said, this
should take a couple months of programming work at most.

It is important though to point out that I only intend to confine
certain applications which are particularily exposed. I do not want to
run each single process on the system in a confined manner. I tend to
believe that the latter would also be possible on top of the existing
Hurd design -- however, it would mean a lot of overhead to run each
single process in some kind of subenvironment. If someone really wants
this level of security, a system like Coyotos, implementing confinement
at the very lowest system level, is most likely indeed a better
choice...

-antrik-