Re: Linux/HURD security and virtual machines
On Wed, Oct 21, 1998 at 05:33:48PM +0100, Edmund GRIMLEY EVANS wrote:
> I suppose the thing I like least about UNIX is the way every program I
> run automatically receives permission to do everything I can do, e.g.
> delete all my files, send mail on my behalf, etc, etc. Also, there is
> nothing like a "virtual machine": portability of programs can not be
> enforced because every program can examine its environment and decide
> to fail if certain files exist on the system or whatever. This second
> issue is a consequence of the first one, of course: every program
> unnecessarily receives permission to examine the system it is running
Not actually true, you can write a libc-wrapper library to
limit the accessibility of the system.
fakeroot is an example, it makes the program believe to be root
in some cases, by using a libc wrapper.
Of course, things would be much better if the operating system
itself supported this.