[Plash] Plash 1.5 released

plash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Plash] Plash 1.5 released

From:	Mark Seaborn
Subject:	[Plash] Plash 1.5 released
Date:	Fri, 07 Jan 2005 17:38:12 +0000 (GMT)

Version 1.5 of Plash is now available for download:
http://www.cs.jhu.edu/~seaborn/plash/plash.html

Recursive read-only objects are now implemented, and the shell will
pass objects as read-only by default.  There is one caveat to this.
If you enter a command like this:

  blah a => a/b

then `blah' will get read-only access to `a' but it won't get writable
access to `a/b'.  Fixing this requires a new kind of proxy object
which I'll implement in a later version.

It's now possible for a process to use the object-capability protocol
that I introduced in the previous version to create a restricted
environment to run a child process in.  As an example, there's a
"chroot" program.  It basically asks the server to return a reference
to the directory it wants to chroot into, given a pathname for it.
Then it creates a new fs_op object (which resides in the server
process) for handling filesystem requests, using that directory as the
root, and replaces its existing fs_op object with that one.

Normally, use of "chroot" is restricted to root under Unix, because
it's dangerous in the presence of setuid executables.  (You can hard
link a setuid executable into your chroot directory and replace the
libraries it uses with your own code.)  But Plash doesn't provide
setuid executables, so it's safe.  Another mechanism will be provided
instead of setuid.

Mark

[Prev in Thread]

Current Thread

[Next in Thread]

[Plash] Plash 1.5 released, Mark Seaborn <=

Prev by Date: Re: [Plash] Can't use plash for read only yet?
Next by Date: [Plash] Plash 1.6 released
Previous by thread: [Plash] Can't use plash for read only yet?
Next by thread: [Plash] Plash 1.6 released
Index(es):
- Date
- Thread