modred team mailing list archive
Message #00090
Security Stuff
Here's an idea (that I think was done in Plan 9) - give each user
their own namespace-like thing, in which they can modify any file.
These modifications will only be reflected in the global copy if they
are in the appropriate group, although people could go to something
like /namespaces and look at other people's namespaces (if the other
people set appropriate permissions). Technical detail: you can only
see files that you have the permissions to read. All other files are
blank. Directories that you can't read (forget that 'executable'
nonsense, unless we can think of a good reason for it - the posix
interface will just extrapolate from the 'r' bit) are empty. Et
cetera.
I'm also thinking of _not_ having suid functionality (the posix
equivalent would do nothing) - is there any reason not to do this? I've
always found stuff based around that rather crufty, especially
apache's mod_suexec, which relies on some marginally unintuitive
properties of unix which aren't actually all that true.
Good ideas/bad ideas?
I'm still working on the hub and server code - I understand that Mikey
is hacking around with some third-party sandbox solutions.
--
Scott Lawrence
Webmaster
The Blair Robot Project
Montgomery Blair High School
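As an added illustration, not part of Scott's message or of the modred hub/server code: a small Python model of the per-user namespace sketched above. Everything in it (the in-memory tree, the group table, the `Namespace` class and its `write`/`read`/`listdir` methods, the sample users and paths) is a hypothetical construction assuming only the semantics stated in the post: a write lands in the user's own namespace and reaches the global copy only when the user is in the file's group; a file the viewer cannot read comes back blank instead of raising; a directory the viewer cannot read lists as empty, deciding from the 'r' bit alone; and another user's namespace is browsable only if its owner permitted it.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Node:
    """A file or directory in the constructed in-memory global tree."""
    is_dir: bool
    owner: str
    group: str
    mode: int            # POSIX-style bits, e.g. 0o640; only the 'r' bits are consulted
    content: str = ""    # file body; unused for directories


# Constructed sample data (hypothetical users and groups, not real accounts).
GROUPS: Dict[str, Set[str]] = {
    "scott": {"staff", "web"},
    "mikey": {"web"},
    "guest": set(),
}


def make_global_tree() -> Dict[str, Node]:
    """Constructed sample tree shared by every namespace."""
    return {
        "/": Node(True, "root", "root", 0o755),
        "/www": Node(True, "scott", "web", 0o750),
        "/www/index.html": Node(False, "scott", "web", 0o640, "<h1>robots</h1>"),
        "/private": Node(True, "scott", "staff", 0o700),
        "/private/notes.txt": Node(False, "scott", "staff", 0o600, "budget"),
    }


def can_read(user: str, node: Node) -> bool:
    """Owner/group/other read bit. Directories use the same 'r' bit; no 'x' distinction."""
    if user == node.owner:
        return bool(node.mode & 0o400)
    if node.group in GROUPS.get(user, set()):
        return bool(node.mode & 0o040)
    return bool(node.mode & 0o004)


def parent(path: str) -> str:
    """Parent directory of an absolute path ('/' for top-level entries)."""
    return path.rsplit("/", 1)[0] or "/"


class Namespace:
    """One user's namespace: a private overlay of edits over the global tree."""

    def __init__(self, user: str, global_tree: Dict[str, Node]):
        self.user = user
        self.global_tree = global_tree
        self.overlay: Dict[str, str] = {}   # path -> content written by this user
        self.visible_to: Set[str] = set()   # other users allowed to browse this namespace

    def _may_browse(self, viewer: str) -> bool:
        return viewer == self.user or viewer in self.visible_to

    def write(self, path: str, content: str) -> bool:
        """Record the edit in the overlay; copy it to the global tree only if the
        writer is in the file's group. Returns True when the global copy changed."""
        self.overlay[path] = content
        node = self.global_tree.get(path)
        if node is not None and not node.is_dir and node.group in GROUPS.get(self.user, set()):
            node.content = content
            return True
        return False

    def read(self, path: str, viewer: Optional[str] = None) -> str:
        """Read as `viewer` (default: the namespace owner). The owner's own edits win;
        otherwise fall back to the global copy, which is blank if unreadable."""
        viewer = viewer or self.user
        if path in self.overlay and self._may_browse(viewer):
            return self.overlay[path]
        node = self.global_tree.get(path)
        if node is None or node.is_dir:
            raise FileNotFoundError(path)
        return node.content if can_read(viewer, node) else ""

    def listdir(self, path: str, viewer: Optional[str] = None) -> List[str]:
        """Directory listing; a directory the viewer cannot read appears empty."""
        viewer = viewer or self.user
        node = self.global_tree.get(path)
        if node is None or not node.is_dir:
            raise NotADirectoryError(path)
        if not can_read(viewer, node):
            return []
        names = {p for p in self.global_tree if p != "/" and parent(p) == path}
        if self._may_browse(viewer):
            names |= {p for p in self.overlay if parent(p) == path}
        return sorted(p.rsplit("/", 1)[1] for p in names)


def demo() -> dict:
    """Walk through the rules with the constructed users; returns observed results."""
    tree = make_global_tree()
    scott, mikey, guest = (Namespace(u, tree) for u in ("scott", "mikey", "guest"))
    r = {}
    r["mikey_global"] = mikey.write("/www/index.html", "<h1>v2</h1>")   # in 'web': propagates
    r["scott_sees"] = scott.read("/www/index.html")                     # global copy changed
    r["guest_global"] = guest.write("/www/index.html", "guest draft")   # no group: stays local
    r["guest_sees"] = guest.read("/www/index.html")
    r["scott_still"] = scott.read("/www/index.html")
    r["guest_notes"] = guest.read("/private/notes.txt")                 # unreadable: blank
    r["guest_private_ls"] = guest.listdir("/private")                   # unreadable dir: empty
    r["guest_root_ls"] = guest.listdir("/")
    r["scott_private_ls"] = scott.listdir("/private")
    guest.visible_to.add("scott")                                       # guest opens namespace
    r["scott_peeks"] = guest.read("/www/index.html", viewer="scott")
    r["mikey_peeks"] = guest.read("/www/index.html", viewer="mikey")    # not allowed: global
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

One consequence the model makes visible: because a denied read returns an empty string rather than an error, a program cannot tell an empty file from one it was refused, and a directory listing cannot distinguish "empty" from "hidden". That is exactly the trade the post proposes, so the model keeps it rather than papering over it.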