[DGD] Alternatives to the Kernel model of security...
Josh Dady
jpd at indecisive.com
Wed Jan 28 06:43:30 CET 2004
One way to go about this would be to start with maintaining abstract
meta-data about entries in the filesystem. This is precisely what the
MUD I'm associated with doesn't do -- there's a colossal mapping of
permissions somewhere that the file-access bottle-necks all have to
check, one way or another.
If I was building "from the ground up", I'd at least consider building
on DGD's native semantics in layers -- one layer would just add
properties (which admittedly could still be stored in one colossal
mapping somewhere) that inherently follow the file to which they're
attached around. The next layer might implement file permissions, and
store the needed data using the meta-data API from above, not much
caring how it works.
Other layers could store other resource limits (i.e., chprop
rsrc:max-clones=10 spiffy-monster.c), file type (i.e., only files of
type "LPC" may be compiled), whatever. If your layers are well-defined
and orthogonal, you might be able to build up quite sophisticated
semantics this way, one layer at a time.
--
Joshua P. Dady
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1077 bytes
Desc: not available
URL: <https://mail.dworkin.nl/pipermail/dgd/attachments/20040128/a3a05d3f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 174 bytes
Desc: not available
URL: <https://mail.dworkin.nl/pipermail/dgd/attachments/20040128/a3a05d3f/attachment.sig>
More information about the DGD
mailing list