Re: Re[2]: security model

[Timothy Stack <stack@cs.utah.edu>]

> Hi,
> 
> TS> The route table is shared amongst all the protocols/applications so we
> TS> can't really allow untrusted code to have access to such a resource.
> If I am administrator, I may want to know the routes of each node,
> even evolve the networking protocols(including routing protocol) and
> services. If all the downloaded codes are untrusted, these missions
> cannt be done by administrator.

yep, this, along with quite a few other things are just "issues" that ants
has that haven't been dealt with.

> TS> Downloaded code will always be run under the RemoteUser principal since
> TS> its hard to trust, however, an application can start up a protocol with a
> TS> different principal.  Simply create an application that calls
> TS> Node.register() with the appropriate Principal object.
> I know this and I can get it through application.But I still hope I
> can do it through capsule. Can the capsule have two level principals
> that are RemoteUser and AdminUser?

theres no authentication and therefore no reason to trust the code.  When
an application starts up the protocol we can place some trust in the
application to do the right thing.

> TS> tim stack
> 
> Another question, I use policy in the configure script.
>  node 12.12.12.2 -policy policy.ser
> But I got exception.
> Exception in PrimordialNode startup: ants.core.security.Principal; Local
> class not compatible: stream classdesc
> serialVersionUID=3520738931194926909 local class
> serialVersionUID=3300960494289033756
> java.io.InvalidClassException: ants.core.security.Principal; Local class

Have you tried regenerating policy file?  Just run
ants.core.security.SecurityDefaults with the name of the new policy
file.  Otherwise, i've never seen this before.

> Best regards,
>  Rui 

tim stack