I'm looking for a sponsor for putting Plash into Debian.

The main page is:
http://plash.beasts.org

and Debian packages are at:
http://www.cs.jhu.edu/~seaborn/plash/plash_1.11_i386.deb
http://savannah.nongnu.org/download/plash/plash_1.11.dsc
http://savannah.nongnu.org/download/plash/plash_1.11.tar.gz

(The Debian source package contains a copy of glibc 2.3.3, which is 13Mb, but the source for Plash itself is only 200k.)

Plash is a restricted execution environment for running Linux programs with the minimum privileges necessary. You can grant a process read-only or read-write access to specific files and directories, which can be mapped at any point in the filesystem namespace. Plash provides a shell with a syntax similar to the Bourne shell or Bash.

The execution environment doesn't require a modified Linux kernel -- it uses chroot() and UIDs. It works with existing Linux executables, provided they are dynamically linked, because Plash uses a modified version of GNU libc. In most cases this does not affect performance because the most frequently called system calls, such as read() and write(), are not affected.

New in this version is a tool for running XEmacs and dynamically granting it access to files. This means you don't have to give XEmacs access to all of your files. The tool is used like gnuclient: a single command grants XEmacs access to a file, and gets it to open a window to edit the file. For example, this lets you use XEmacs to edit files owned by root, without running XEmacs as root. In the future, this will be extended to work with other GUI programs.

The Plash shell has a syntax similar to Bash, but with some changes, such as for granting write access to files (by default it's read-only). For example, if you run the "oggenc" encoder program with the command:

    oggenc foo.wav => -o foo.ogg

then the oggenc process will have access only to the files foo.wav (read-only), foo.ogg (read/write/create), and those files in its installation endowment. By default, the installation endowment consists of /usr, /bin, /lib and /etc -- all as read-only -- but you can change this on a per-program basis. Programs aren't given access to other files, such as those in your home directory, unless explicitly granted them.

Mark
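
The grant rule described for the "oggenc" command, as an added Python model that is not part of the original message and is not Plash's own code. It assumes that arguments starting with "-" are options and every other argument names a file, that "=>" itself is not passed to the program, and uses a constructed working directory; build_grants and allowed are hypothetical names.

```python
import posixpath

# Default installation endowment named in the message, all read-only.
DEFAULT_ENDOWMENT = ("/usr", "/bin", "/lib", "/etc")


def build_grants(command, cwd):
    """Split a Plash-style command at '=>' into (program, argv, {path: mode}).

    Assumption of this model: '-' arguments are options, the rest are files.
    """
    argv = command.split()
    grants = {root: "ro" for root in DEFAULT_ENDOWMENT}
    mode, passed = "ro", []
    for arg in argv[1:]:
        if arg == "=>":
            mode = "rw"  # files named after the arrow may be written or created
            continue
        passed.append(arg)
        if not arg.startswith("-"):
            grants[posixpath.normpath(posixpath.join(cwd, arg))] = mode
    return argv[0], passed, grants


def allowed(grants, path, want, cwd):
    """True if `want` ('read' or 'write') on `path` is covered by a grant."""
    # Normalise lexically first, so '/usr/../home/...' cannot borrow the
    # /usr grant. (A real sandbox must also deal with symlinks.)
    target = posixpath.normpath(posixpath.join(cwd, path))
    for granted, mode in grants.items():
        inside = target == granted or target.startswith(granted.rstrip("/") + "/")
        if inside and (want == "read" or mode == "rw"):
            return True
    return False  # default deny: anything not granted is invisible


if __name__ == "__main__":
    cwd = "/home/alice/music"  # constructed sample directory
    _, _, g = build_grants("oggenc foo.wav => -o foo.ogg", cwd)
    for p, w in [("foo.wav", "write"), ("foo.ogg", "write"),
                 ("/usr/../home/alice/.ssh/id_rsa", "read")]:
        print(p, w, allowed(g, p, w, cwd))
```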