Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" archit

To:	scsh-news@zurich.ai.mit.edu
Subject:	Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture.
From:	mailer-daemon@bof.de (Patrick Schaaf)
Date:	13 Apr 2003 06:42:57 GMT
Organization:	none

To:

scsh-news@zurich.ai.mit.edu

Subject:

Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture.

From:

mailer-daemon@bof.de (Patrick Schaaf)

Date:

13 Apr 2003 06:42:57 GMT

Organization:

none

"Andy Glew" <andy-glew-public@sbcglobal.net> writes:

>> > What's to stop a buggy web server from writing over files it's only
>> > supposed to serve, for example?
>>
>> Read only access, maybe?
>>
>> My Apache processes are running under a user role that does not allow
>> them to overwrite the files they are serving.

>That's the way to go - or, capabilities.

Full ack. When designing production Unix systems (Linux, in fact),
it is a good idea to have at least the network visible parts
running A) under their own uid, B) chrooted, if possible,
and C) with everything you can get away with being readonly.

>Whatever, the access control must be made lighterweight and
>not dependent on sysadmin/IT.  I just set up a wiki server,
>and am tied in knots because sysadmins don't want to
>give me a new userid or groupid, so that I can properly
>restrict the server.

Shoot that admin. He does not honor security. It's a clear
sign of bad administration when people _request_ a proper
security related separation, and are denied due to lazyness.
It does not help a bit if that lazyness is codified as policy.

>Creation of new "user roles" should not require sysadmin
>intervention.   It should be possible for any user role to create
>a subrole with a subset of capabilities.

A nice experimental OS I read about, which had that as one of its
main points, is Andrew Valencia's VSTA. See the capability papers at

        http://www.vsta.org/documentation/documentation.html

>Administering your own machine, whether physical or virtual,
>might amount to the same thing.

Exactly. Regarding the "virtual" bit, another project worth looking
at, which is actively developed (though a bit off the normal Linux
development track), can be found at

        http://www.solucorp.qc.ca/miscprj/s_context.hc

That's an attempt at making Linux virtual at the syscall level,
giving the possibility to have whole different Linux distributions
running, private init process and all. Both the visible processes,
and the visible networking setup (netstat, IP address binding, also
its implicit wildcard forms) are properly virtualized.

We start to build production web farm systems, inhouse, using this
project's code.

best regards
  Patrick

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., (continued) Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Harri Haataja Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Christopher C. Stacy Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm", bear Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Joe Marshall Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Pascal Bourguignon Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Brian Hurt Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Rupert Pigott Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm", Toon Moene Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Tom Knight Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Harri Haataja Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Patrick Schaaf <= Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm", Florian Weimer Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., MJ Ray Message not available Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Joe Marshall Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm", Florian Weimer Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Sander Vesik Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm", Anne & Lynn Wheeler Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Christopher C. Stacy Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm", Anne & Lynn Wheeler Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Petter Gustad Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Christopher C. Stacy

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Christopher Browne
Next by Date:	Scsh (a Unix Scheme shell) FAQ, Michel Schinz
Previous by Thread:	Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Harri Haataja
Next by Thread:	Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm", Florian Weimer
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Christopher Browne

Next by Date:

Scsh (a Unix Scheme shell) FAQ, Michel Schinz

Previous by Thread:

Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm" architecture., Harri Haataja

Next by Thread:

Re: Could somebody use SCSH, Sheme, or Lisp to create the "Lispm", Florian Weimer

Indexes:

[Date] [Thread] [Top] [All Lists]