D
dschere
Guest
Karl Denninger on his blog has suggested a new permission scheme for mobile devices that I feel would have use on Linux in general. Since I haven't posted more than 4 articles the system won't let me post a link so if you want to read the article do a search for "Innovation That Apple And Google Can't Provide" and look for "denninger".
Admittedly he is a blackberry bigot (one of the few left standing) but he makes an important point.
In a nutshell, in modern systems we need to have more granularity of control over process permissions such as network access, weather a process can run as a daemon ect. This could be tied to an extra bit in the permissions mask that when set allows an extended set system resources that the system administrator can control for a process. Something like:
chmod --extended <hex number> ....
where "--extended" sets switches for meta permissions such as
network permissions
allow running as a daemon
allow fork
...
Any thoughts?
Admittedly he is a blackberry bigot (one of the few left standing) but he makes an important point.
In a nutshell, in modern systems we need to have more granularity of control over process permissions such as network access, weather a process can run as a daemon ect. This could be tied to an extra bit in the permissions mask that when set allows an extended set system resources that the system administrator can control for a process. Something like:
chmod --extended <hex number> ....
where "--extended" sets switches for meta permissions such as
network permissions
allow running as a daemon
allow fork
...
Any thoughts?