The P_DOCUMENT/P_DOCUMENT_RO protections are unimplemented at present. This means that there are no access checks at all in the datastore. For the time being, you can read and write any entries you like. :(
Someday, we will add access checks to the datastore and we will teach Rainbow to keep track, for each instance, of which documents the user wants to permit access for. This isn't terribly hard to do well enough for a demo but making it good enough to deploy is beyond my available time for the immediate future. If this subject interests you, feel free to ping me for my thoughts on how to do it (or, even better, to step up with your own patches!)

Once access checks and state management are in place, instances will only be able to read DS objects that they are resumed with. They will only be able to write to DS objects that they are resumed with or that they are creating for the first time.

It is at this point that P_DOCUMENT and P_DOCUMENT_RO need to be sketched out well enough for continued development. Then, once we get that working, we could reasonably consider whether to deploy the "DS access checks feature" since benign activities would then be less able to screw with the DS if they were subverted.

Michael

_______________________________________________
Security mailing list
[email protected]
http://lists.laptop.org/listinfo/security
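A minimal model of the access rule described in the message above, added here as an illustration; it is not Rainbow or datastore code, and the class and method names (`Datastore`, `resume`, `create`, `AccessDenied`) are hypothetical. It assumes the datastore assigns object ids itself, and it does not model any difference between P_DOCUMENT and P_DOCUMENT_RO because the message leaves that undefined.

```python
import uuid


class AccessDenied(Exception):
    """Raised when an instance touches an object outside its grant."""


class Datastore:
    """Toy in-memory datastore that enforces per-instance grants."""

    def __init__(self):
        self._objects = {}  # object id -> content
        self._grants = {}   # instance id -> set of object ids it may use

    def resume(self, instance_id, object_ids):
        # Record the documents the user chose to resume this instance with.
        unknown = set(object_ids) - set(self._objects)
        if unknown:
            raise KeyError(f"cannot resume with unknown objects: {sorted(unknown)}")
        self._grants[instance_id] = set(object_ids)

    def create(self, instance_id, content):
        # The datastore picks the id (assumption), so "creating for the first
        # time" can never name, and thereby overwrite, an existing entry.
        object_id = uuid.uuid4().hex
        self._objects[object_id] = content
        self._grants.setdefault(instance_id, set()).add(object_id)
        return object_id

    def _check(self, instance_id, object_id):
        # Unknown ids are denied the same way as ungranted ones, so a
        # subverted instance cannot probe which entries exist.
        if object_id not in self._grants.get(instance_id, set()):
            raise AccessDenied(f"{instance_id} has no grant for {object_id}")

    def read(self, instance_id, object_id):
        self._check(instance_id, object_id)
        return self._objects[object_id]

    def write(self, instance_id, object_id, content):
        self._check(instance_id, object_id)
        self._objects[object_id] = content
```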

