[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ion
Subject:    Re: CVS snapshot unavailable
From:       Per Olofsson <pelle () dsv ! su ! se>
Date:       2003-12-27 13:10:25
[Download RAW message or body]

On Sat, 27 Dec 2003, Tuomo Valkonen wrote:

> Another essential security feature would be program and not just user-based
> permissions/ACLs. An exact opposite of Palladium/TCPA world domination
> insanity; a way for the user/sys. admin to block out untrusted programs from
> his data. AFAIK Eros <www.eros-os.org> essentially only has program-based
> permissions given its persistent nature, but it shouldn't be too difficult
> to implement such permissions in *nix VFS using e.g. a database of md5sums
> of trusted binaries. Of course, scripts would need a little extra work.

I think SELinux does what you want, except that it uses file labels
instead of checksums.
[prev in list] [next in list] [prev in thread] [next in thread]