He said "things", not people. With file-based capabilities it's usually the case that you trust the intentions of the user, and the programmer who wrote the code. But you're trying to limit the damage that processes running this code can do to the rest of the system (while giving them enough power to do their job) --- in the all-too-likely case that the program can be subverted in some way (buffer overflow, printf error, stack overflow in regex parsing, et cetera, ad infinitum, ad nauseam).

Personally I still think the cleanest, most understandable way of accomplishing this sort of goal has been the systrace patches by Niels Provos. They make perfect sense to anyone who has ever had to deal with packet filtering, and they are the only approach I've seen that would allow a normal user to effectively limit the behavior of software. (One could imagine a user creating systrace configurations to prevent his or her browser from accessing specific document trees and other files, for example. The implications of this are far more significant than one realizes in an era when many of us are seriously considering locking our browsers --- and perhaps our MTAs --- into their own virtual machines to protect the rest of our home directories therefrom.)

JimD
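The comment above describes the idea of a per-process filesystem policy in which a user keeps a browser out of specific document trees while everything not explicitly permitted is refused. The following is an added illustration of how such a policy decision can be evaluated; it is constructed for this page and is not systrace's own syntax or code, and the policy rules, user name, and paths in it are made-up examples. It shows the two details a practitioner has to get right in any path-based filter: normalising `..` components before matching, and matching on a directory boundary rather than a raw string prefix.

```python
"""Toy per-process filesystem access policy (constructed example).

Not systrace's syntax or code: an added sketch of the concept only.
Rules name a directory tree and an action; the longest (most specific)
matching tree wins, and a path that matches no rule is denied.
"""
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    tree: str       # absolute directory the rule covers
    action: str     # "permit" or "deny"


def _canonical(path: str) -> str:
    # Collapse ".", ".." and repeated slashes so that
    # "/home/alice/Downloads/../.ssh/id_rsa" is judged as
    # "/home/alice/.ssh/id_rsa". (A kernel-side filter would also have
    # to resolve symlinks; this sketch does not touch the filesystem.)
    return posixpath.normpath(path)


def _within(path: str, tree: str) -> bool:
    # Match on a directory boundary: "/home/alice/Downloads" must not
    # cover "/home/alice/Downloads-private". A bare str.startswith would.
    tree = _canonical(tree)
    if tree == "/":
        return True
    return path == tree or path.startswith(tree + "/")


def decide(policy, path: str) -> str:
    """Return "permit" or "deny" for an open() of `path` under `policy`.

    The most specific (longest) matching rule wins; no match means deny.
    """
    path = _canonical(path)
    best = None
    for rule in policy:
        if _within(path, rule.tree):
            if best is None or len(_canonical(rule.tree)) > len(_canonical(best.tree)):
                best = rule
    return best.action if best else "deny"


# Constructed policy for a hypothetical browser: it may use its own profile
# and the downloads folder, but the rest of the home directory is off limits.
BROWSER_POLICY = [
    Rule("/home/alice/.mozilla", "permit"),
    Rule("/home/alice/Downloads", "permit"),
    Rule("/usr/lib", "permit"),
    Rule("/home/alice", "deny"),
]


if __name__ == "__main__":
    for p in [
        "/home/alice/Downloads/file.pdf",
        "/home/alice/Documents/taxes.xls",
        "/home/alice/Downloads/../.ssh/id_rsa",
        "/home/alice/Downloads-private/x",
        "/etc/passwd",
    ]:
        print(p, "->", decide(BROWSER_POLICY, p))
```

The deny rule on the whole home directory is what makes the policy readable in the packet-filter style the comment praises: broad deny, narrow permits, with specificity rather than rule order deciding conflicts.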
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds