Re: ANN: ANTS v2.0

[Patrick Tullmann <tullmann@cs.utah.edu>]

Sandy Murphy wrote:
> >        Inclusion of a new prototype security subsystem that allows
> >        the runtime to make fine-grained access control decisions on a
> >        per-application and per-protocol basis.
> 
> But not per-source-of-packet?  So if a protocol does management
> functions I can either permit the protocol (to everyone) or deny the
> protocol (to everyone)?

That's all you could do with what's there now.  We don't claim that
its complete, just a place to start.

It probably wouldn't be too hard to attach an identity to the current
Capsule.  Ideally the NodeOS would create this association and the
ANTS code could just expose it.  However, it might be a bit awkward to
figure out what the "current capsule" is at a given permission check.
(Probably just a bit more bookkeeping or another parameter on the Node
APIs.)

Alternatively, the APIs could be extended so that installed ANTS code
could drop some privs.  Then the protocol could manually implement the
priv. drop based on the source of the packet.

-Pat

----- ----- ---- ---  ---  --   -    -      -         -               -
Pat Tullmann                                       tullmann@cs.utah.edu
       It said "Windows 95 or better" so FreeBSD should run it.