[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security model

To: janos-discuss@fast.cs.utah.edu
Subject: Re: security model
From: Timothy Stack <stack@cs.utah.edu>
Date: Mon, 5 Nov 2001 08:50:29 -0700 (MST)
In-Reply-To: <834351917.20011105115508@eyou.com> from "avivi" at Nov 05, 2001 11:55:08 AM
Sender: owner-janos-discuss@fast.cs.utah.edu

> Hi,
> 
>     I want to make an application which sends capsule to read/modify the
>     route table of the given node. But I find the capsule cant do this
>     because the capsule is RemoteUser at the given node, and
>     RemoteUser don't have the permission to do this.

The route table is shared amongst all the protocols/applications so we
can't really allow untrusted code to have access to such a resource.

>     The Dante and DynamicRoute app are implemented as application. By
>     using '-principal user', the applications get the permission.
>     Could the capsule get any privileges to do these privilege
>     operations?

Downloaded code will always be run under the RemoteUser principal since
its hard to trust, however, an application can start up a protocol with a
different principal.  Simply create an application that calls
Node.register() with the appropriate Principal object.

>     Thanks.
> 
> -- 
> Best regards,
>  avivi

tim stack

Follow-Ups:
- Re[2]: security model
  - From: ZHENG Rui <zhengrui@nankai.edu.cn>

References:
- security model
  - From: avivi <avivi@eyou.com>

Prev by Date: Real Ping!
Next by Date: Re: ChanStats
Prev by thread: security model
Next by thread: Re[2]: security model

[ Janos ] [ OSKit ] [ Network Testbed ] [ Flick ] [ Fluke ]
Flux Research Group / Department of Computer Science / University of Utah