bug-hurd

Re: A niche for the Hurd - next step: reality check


From: Arne Babenhauserheide
Subject: Re: A niche for the Hurd - next step: reality check
Date: Thu, 20 Nov 2008 14:00:16 +0100
User-agent: KMail/1.10.3 (Linux/2.6.25-gentoo-r7; KDE/4.1.3; x86_64; ; )

On Tuesday 18 November 2008 04:16:04, olafBuddenhagen@gmx.net wrote:
> Hi,
>
> On Thu, Nov 13, 2008 at 10:13:22PM +0100, Arne Babenhauserheide wrote:
> > On Thursday 13 November 2008 21:13:52, Michal Suchanek wrote:
> > > The shell would simply assign limited permissions to any process at
> > > startup, and should it want more it would have to ask me through the
> > > shell.
> > >
> > > Of course, some processes would be privileged - for example, a
> > > browser (or better yet a part of a browser)  would be set up with
> > > rights to access the internet.
> >
> > Since I don't know enough about the Hurd's internals I need to ask: How
> > much work would it be to adapt a shell (and the subhurd code) to do
> > just this?
>
> This is actually more or less what I mean, when talking about using
> subenvironments to confine dangerous applications. So, as I said, this
> should take a couple months of programming work at most.
>
> It is important though to point out that I only intend to confine
> certain applications which are particularly exposed.

Which for example could be done globally by putting a translator on top of the 
application's binary which has the effect that whenever someone tries to 
execute the application, he instead executes "subdo application". 

Or the same but cleaner :) 

Can a translator be used to do this without using the shell and "subdo" route? 

Best wishes, 
Arne
-- 
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the 
history of free software.
-- Ein Würfel System: http://1w6.org - simply clean (role-playing) rules.

-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt
