[DGD] Kernel LIB's Invisible Callouts

Stephen Schmidt schmidsj at union.edu
Sun Feb 29 05:48:03 CET 2004


On Sat, 28 Feb 2004, Michael McKiel wrote:
> I was about to start in on bringing my rewritten security code from Melville,

It is probably unwise to do that. The kernel security and the
Melville security are, I am pretty sure, not mutually compatible.
If you are using the kernel lib, then I think (I have little
experience with it) you should leave all security issues
to the kernel, except insofar as you want to add additional
restrictions to those of the kernel. (Melville code might be
useful for that.) Trying to change the security code in the
kernel lib would break compatibility for upgrades and be a
very risky thing to do. The kernel lib is, I think, more
secure than Melville (Melville is designed to be easy to use
rather than to be extremely secure, for reasons I've posted
in the recent past) and if tight security is a concern, you
are better off with the kernel code.

Melville security is based on fairly similar principles to
kernel security, which someone described recently. In Melville
all objects have a privileges string which describes their
level of privilege, and a creator string which describes the
user responsible for their existence. The privileges string
is based solely on the object's file name, and the creator
is usually whoever was this_player() at the time the object
was loaded. Of course, how these are assigned and how they
are checked differs considerably between Melville and the
kernel.

Steve



_________________________________________________________________
List config page:  http://list.imaginary.com/mailman/listinfo/dgd



More information about the DGD mailing list