Interesting read, thanks!

The ACL logic though doesn't seem quite right.

Having to do SHA digests on binaries to be sure you're granting access to the right program doesn't seem correct at all. It's fragile: if the program is updated with a new version it will stop working until the ACL is updated, and if it starts using a helper program that will have to be added to the ACL as well.

I wonder if it's possible to use session-id instead?

Looking quickly through the code, I couldn't see any way that it can *revoke* access. i.e. you've got a session for user 'A', and then switch to a new session for user 'B'. User 'A' should no longer have access to things like the microphone, or the camera. If they've already got /dev/video0 opened, then their file descriptor needs to be closed (or rendered inoperative in some other way).

Luke
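
The revocation point above, as an added example that is not part of the original message or of vdev's code: on Linux, permissions are checked at open() time, so tightening access on a node afterwards does not affect a descriptor that is already open. The temp file is a constructed stand-in for a device node such as /dev/video0, and the struct and function names are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct revoke_result {
    int held_fd_read;   /* bytes read via the already-open fd after chmod 000 */
    int reopen_denied;  /* 1 if a fresh open() failed after chmod 000 */
    int is_root;        /* root bypasses mode bits, so reopen may succeed */
};

/* Returns 0 on success, -1 if the constructed test file could not be set up. */
int demo_stale_descriptor(struct revoke_result *out)
{
    char path[] = "/tmp/fake-video0-XXXXXX";   /* constructed stand-in node */
    char buf[16];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, "frame", 5) != 5) { close(fd); unlink(path); return -1; }
    close(fd);

    /* "User A" opens the node while access is still permitted. */
    int held = open(path, O_RDONLY);
    if (held < 0) { unlink(path); return -1; }

    /* Access is withdrawn on the node itself (session switches to "user B"). */
    if (chmod(path, 0) != 0) { close(held); unlink(path); return -1; }

    /* A new open() is now subject to the new permissions... */
    int fresh = open(path, O_RDONLY);
    out->reopen_denied = (fresh < 0);
    if (fresh >= 0) close(fresh);

    /* ...but the descriptor obtained earlier keeps working. */
    out->held_fd_read = (int)read(held, buf, sizeof buf);
    out->is_root = (geteuid() == 0);

    close(held);
    unlink(path);
    return 0;
}

int main(void)
{
    struct revoke_result r;
    if (demo_stale_descriptor(&r) != 0) { perror("setup"); return 1; }
    printf("reopen denied: %d, bytes read via held fd: %d (root: %d)\n",
           r.reopen_denied, r.held_fd_read, r.is_root);
    return 0;
}
```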



On 02/01/15 08:58, Jude Nelson wrote:
Hey everyone,

I just thought I'd post an update on vdev, since I'd mentioned earlier
that I was shooting for packages by now.  It will take a couple more
days, but I'm pleased to say that the pre-alpha vdev can do the following:

* populate itself with all block and char devices known to sysfs
* hide or change the permissions on devices based on which process is asking
* run shell scripts as a result of devices appearing or getting removed
* create device nodes with user-defined paths

I've added automatic build and packaging scripts to vdev and its
dependencies (fskit and libpstat) if you're brave enough to play around
with it :)  Don't try using it for early boot, though--that's not yet
tested.

I've also written a design document here, with a development roadmap:
http://judecnelson.blogspot.com/2015/01/introducing-vdev.html

Happy Gregorian New Year!
-Jude


_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

