[cap-talk] some bitfrost answers
Karp, Alan H
alan.karp at hp.com
Mon Feb 12 10:13:44 CST 2007
Ivan Krstic wrote:
>
> Right. This is normally not a concern with Bitfrost, because bundles are
> completely unaware of other installed bundles and can't interact with
> them; the problem that actually arises is the limitation this places on
> the programming model. Legitimate inter-application interactions exist,
> and it's not clear to me yet what those are and how to permit them. This
> is one of the things I'll be spending a lot of time thinking about in
> the next few weeks. Thoughts and examples welcome.
>
We needed to address this problem for Polaris, our virus safe computing
environment for Windows. Polaris is a kludge built on top of Windows,
so there are some constraints we have to work around that you probably
don't. We set up a separate user account for each "pet". A pet is an
account configured for a particular application, but you can have more
than one pet per application. For example, I have one IE pet for
reading files off my disk and another for surfing.

There are two separate cases. If I launch Excel from a Word document,
then Excel should run in the Word context with the Word permissions. In
order to do that, we grant every application read and execute permission
on the Program Files folder. That gives up a little bit of security but
gains a lot of usability.

Some programs that expect to work together are launched separately. For
example, ActiveSync for my PDA interacts with Outlook. Polaris deals
with that by allowing me to configure one application to run in a pet
defined for another one.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp