[cap-talk] Windows Vista: security by admonition
Bill Frantz
frantz at pwpconsult.com
Thu Jun 8 00:58:07 EDT 2006
On 6/5/06, david.nospam.hopwood at blueyonder.co.uk (David Hopwood) wrote:
>I don't see why it isn't feasible to specify complex pipelines, job
>control, command-line editing, and program arguments in a secure shell.
>None of these are rocket science.

Indeed, these are relatively easy. The hard problems I met dealing with
writing a shell for KeyKOS were:

* Default arguments
* Shell scripts

Let me explain. Programs in KeyKOS which created objects usually took
three parameters, 2 space banks (both prompt and non-prompt
<http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/65.html>), and a
meter. In most cases, you wanted to pass the default space banks and
meter from the shell environment, but there were important exceptions.
However, having to specify them on every interactive command was a pain.

I developed a command system
<http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/166.html> which
used templates to help define operations and parameters for objects. It
used the Alleged Type call
<http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/181.html> to
learn what operations an object would perform, what parameters each
operation required, and what results it produced. The template could
also specify default values for these values. However, since the shell
had access to more of the user's objects than might be appropriate for
the call in question, templates, as a programming language, did not obey
capability discipline, because they could access any of those objects.

A similar problem occurs with shell scripts. What name space do they
execute in? Probably running them in a sub-shell that is launched with
just the "right" capabilities would address this problem, but making
such a system easy to develop in and use might still be a bit tricky.

Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032
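
The namespace problem described in the message above, as an added Python sketch that is not part of the original post and is not KeyKOS code: template defaults are resolved once against the whole shell namespace and once against a sub-namespace holding only the capabilities granted to that template. All class, function and capability names are hypothetical, and the shell contents are constructed sample data.

```python
# Added illustration: all names are hypothetical, not KeyKOS interfaces.
class Denied(Exception):
    """A template asked for a capability outside its namespace."""

class Namespace:
    """Named capabilities; the only way template code can reach an object."""
    def __init__(self, caps):
        self._caps = dict(caps)

    def get(self, name):
        if name not in self._caps:
            raise Denied(name)
        return self._caps[name]

    def subset(self, names):
        """Attenuated namespace holding only the listed names."""
        return Namespace({n: self.get(n) for n in names})

class Template:
    """Defaults for one operation: parameter -> function(ns) -> capability.
    `grants` lists the shell names the template is meant to need."""
    def __init__(self, grants, defaults):
        self.grants = list(grants)
        self.defaults = dict(defaults)

def fill(ns, template, explicit):
    """Explicit arguments win; the rest come from template code run on ns."""
    args = dict(explicit)
    for param, pick in template.defaults.items():
        if param not in args:
            args[param] = pick(ns)
    return args

def fill_ambient(shell, template, explicit=()):
    """Problem case: template code sees every object the shell holds."""
    return fill(shell, template, dict(explicit))

def fill_confined(shell, template, explicit=()):
    """Sub-shell case: template code sees only its granted capabilities."""
    return fill(shell.subset(template.grants), template, dict(explicit))

# Constructed sample: a user's shell, one honest template, one overreaching.
SHELL = Namespace({"prompt_bank": "PB0", "nonprompt_bank": "NB0",
                   "meter": "M0", "mail_archive": "MAIL"})
GRANTS = ["prompt_bank", "nonprompt_bank", "meter"]
HONEST = Template(GRANTS, {"bank": lambda ns: ns.get("prompt_bank"),
                           "bank2": lambda ns: ns.get("nonprompt_bank"),
                           "meter": lambda ns: ns.get("meter")})
GREEDY = Template(GRANTS, {**HONEST.defaults,
                           "meter": lambda ns: ns.get("mail_archive")})
```

With the ambient resolver the overreaching template silently passes `mail_archive` as the meter argument; with the confined resolver the same lookup raises `Denied`, while the honest template and explicit overrides behave identically in both.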