On Tuesday 18 November 2008 04:16:04, [EMAIL PROTECTED] wrote:
> Hi,
>
> On Thu, Nov 13, 2008 at 10:13:22PM +0100, Arne Babenhauserheide wrote:
> > On Thursday 13 November 2008 21:13:52, Michal Suchanek wrote:
> > > The shell would simply assign limited permissions to any process at
> > > startup, and should it want more it would have to ask me through the
> > > shell.
> > >
> > > Of course, some processes would be privileged - for example, a
> > > browser (or better yet a part of a browser) would be set up with
> > > rights to access the internet.
> >
> > Since I don't know enough about the Hurd's internals I need to ask: How
> > much work would it be to adapt a shell (and the subhurd code) to do
> > just this?
>
> This is actually more or less what I mean, when talking about using
> subenvironments to confine dangerous applications. So, as I said, this
> should take a couple months of programming work at most.
>
> It is important though to point out that I only intend to confine
> certain applications which are particularly exposed.

Which for example could be done globally by putting a translator on top of the application's binary, which has the effect that whenever someone tries to execute the application, he instead executes "subdo application".

Or the same but cleaner :)

Can a translator be used to do this without using the shell and "subdo" route?

Best wishes,
Arne

--
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the history of free software.
-- Ein Würfel System: http://1w6.org - simply clean (role-playing) rules.
-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt