Hi,

On Thu, Nov 13, 2008 at 10:13:22PM +0100, Arne Babenhauserheide wrote:
> On Thursday 13 November 2008 21:13:52, Michal Suchanek wrote:
> > The shell would simply assign limited permissions to any process at
> > startup, and should it want more it would have to ask me through the
> > shell.
> >
> > Of course, some processes would be privileged - for example, a
> > browser (or better yet a part of a browser) would be set up with
> > rights to access the internet.
>
> Since I don't know enough about the Hurd's internals I need to ask: How
> much work would it be to adapt a shell (and the subhurd code) to do
> just this?

This is actually more or less what I mean, when talking about using
subenvironments to confine dangerous applications. So, as I said, this
should take a couple months of programming work at most.

It is important though to point out that I only intend to confine
certain applications which are particularly exposed. I do not want to
run each single process on the system in a confined manner.

I tend to believe that the latter would also be possible on top of the
existing Hurd design -- however, it would mean a lot of overhead to run
each single process in some kind of subenvironment. If someone really
wants this level of security, a system like Coyotos, implementing
confinement at the very lowest system level, is most likely indeed a
better choice...

-antrik-