Am Samstag 08 November 2008 12:20:33 schrieb [EMAIL PROTECTED]: > > It's definitely far out, though. > > Not as far out as some of the other ideas discussed here... The > necessary stuff should be quite possible to implement in a couple of > months or even weeks I think. It requires a proxy for the proc server > for local UIDs, and probably a filesystem proxy that enforces subuser > permissions. Not sure what else is needed. (auth? passwd?)
-snip- > Subusers however are quite useful in general -- in fact, we already > discussed the possibility in a different context once. I would also use > it as a base for running dangerous applications in a secure manner for > example. > I think this is actually quite a nice niche: It is a pretty obvious > feature. Once we have it implemented, we can advertize it directly. I > think people will see its usefulness themselfs -- no need to go hunting > for more specific use cases... I can already see something like a "subdo" command which provides easy access to common subhurd environments :) # Let a virus run free, but any effect vanishes once the subhurd closes # (this includes "effects" on network interfaces - # any packet sending is only faked). $ subdo --no-lasting-changes ./virus Best wishes, Arne -- -- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :) -- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the history of free software. -- Ein Würfel System: http://1w6.org - einfach saubere (Rollenspiel-) Regeln. -- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt
signature.asc
Description: This is a digitally signed message part.
