l4-hurd

Re: POSIX


From: Ronald Aigner
Subject: Re: POSIX
Date: Wed, 26 Oct 2005 17:49:54 +0200
User-agent: Debian Thunderbird 1.0.2 (X11/20051002)

Jonathan S. Shapiro wrote on 10/26/2005 05:28 PM this:
> On Wed, 2005-10-26 at 16:13 +0200, Alfred M. Szmidt wrote:
> 
>>     Web browsers
>>     Email readers
>>     Word processors
>>     Document browsers (e.g. acrobat, xpdf, ghostview)
>>
>>All those run in a jail of sorts: the current user.  What would be
>>nifty is a way to allow a user to make sub-users, where he can
>>encapsulate a program and only give write/read access to a specific
>>directory.  Which is possible to do with any extensive rewrites I
>>think.
> 
> 
> Typo: I believe you meant to write "... *without* any extensive
> rewrites"
> 
> I have often thought about doing something like this, because it would
> be very attractive to be able to rescue the design model of current
> systems. Here is what I believe it would take:
> 
>   1. A model of "user" that is hierarchical, in the sense that I can
>      add and destroy new pseudo-users that are subordinate to me.
> 
>   2. A real ACL implementation in the file systems
> 
>   3. A very efficient way to visit all of the files that *I* have access
>      to and grant access to a new, subordinate user.
> 
> I have always failed to achieve the third part. If the actual number of
> necessary configurations can be kept very small, I can see that a
> statically preconfigured "safe subset" is possible. What I do not see is
> how to efficiently build a similar thing dynamically, in a way that is
> specific to the particular application that I am trying to run at the
> moment. By the time my protection agent is done visiting all of the
> necessary files, I have taken far longer than I can afford.
Maybe I am missing something, but a concept which comes to my mind that
could solve the third part is a concept published in [1].

[1] http://os.inf.tu-dresden.de/papers_ps/icdcs97.ps.gz Haertig,
Reuther: "Encapsulating Mobile Objects" (ICDCS, 1997)

Greetings, Ron.
-- 
Mit freundlichen Gruessen / with regards
ra3 @ inf.tu-dresden.de
http://os.inf.tu-dresden.de/~ra3/



