[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fwd: Re: [Vrs-development] More info
|
From: |
Open Source |
|
Subject: |
Re: Fwd: Re: [Vrs-development] More info |
|
Date: |
Fri, 15 Mar 2002 14:19:13 -0800 (PST) |
> This is the biggest blank spot at this point. Let
> me
> summarize, from the top down, what's been said about
> it so far. None of this has been cast in stone,
> except the first part.
>
> First and for most, we need to reaffirm our prime
> directive. Security and Privacy are primary
> objective.
We have working on that for a quite a bit
> Now, I thinking that the most significant
> implication
> of this for the Services Manager is that the LDS
> host
> machine has to be very strongly isolated from any
> access to the hosts machines resources. We need an
> iron and concrete sandbox.
How do we plan to implement the sandbox. Something
similiar to the running Java applets in a browser
environment using ACL files.
> We think that a modular, plugin framework is the
> best
> general approach.
Considering that we are implementing an array of
features and with more to be added as we progress,
modular approach is the best bet.
> We've identified three levels of service, 1) static
> file services, i.e. ftp and static http,
> 2)crossplatform, IL compnent netservice, i.e. PNet.
> 3)Everything else, i.e. dynamic http and scripting
> support.
>
> What levels we can support depends largely on the
> Repository file structure design. A simple file
> storage model supports 1). A truely free standing
> encapsulated dataset with both IL logic and data
> will
> suport 2). A total inode model with a hiearchial
> file
> system will support 3).
An unix style filesystem with high performance and
reliability is a good one (basically an ideal file
system)
> We are looking to bring up apachie first.
Are we talking about the Apache run time system or the
entire web server?
> We have talked a bit about a chroot environment
> running as a dedicated user.
Check this out
http://www.bpfh.net/simes/computing/chroot-break.html
> The issue of using any system using dynamic linking
> to
> libraries outside the sandbox has been worried
> about.
If u don't mind a recap, how do u plan to avoid this?
> And that's about as far as we have gotten to date, I
> think. Unless Chris remembers something I've missed
> here.
>
> Oh, also, I don't think there is any reason in hell
> to
> consider ever running this in a MS environment.
Not at this stage, we might as well make it a very
viable alternative to MS passport stratergy. :-)
-Morphius
__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/
- Re: [Vrs-development] More info, (continued)
- Fwd: Re: [Vrs-development] More info, Bill Lance, 2002/03/14
- Re: Fwd: Re: [Vrs-development] More info, Bill Lance, 2002/03/14
- Re: Fwd: Re: [Vrs-development] More info, Open Source, 2002/03/14
- Re: Fwd: Re: [Vrs-development] More info, Bill Lance, 2002/03/14
- Re: Fwd: Re: [Vrs-development] More info, Chris Smith, 2002/03/15
- Re: Fwd: Re: [Vrs-development] More info, Bill Lance, 2002/03/15
- Re: Fwd: Re: [Vrs-development] More info, Open Source, 2002/03/15
Re: Fwd: Re: [Vrs-development] More info, Bill Lance, 2002/03/15
- Re: Fwd: Re: [Vrs-development] More info,
Open Source <=