On Sat, 27 Dec 2003, Tuomo Valkonen wrote: > Another essential security feature would be program and not just user-based > permissions/ACLs. An exact opposite of Palladium/TCPA world domination > insanity; a way for the user/sys. admin to block out untrusted programs from > his data. AFAIK Eros <www.eros-os.org> essentially only has program-based > permissions given its persistent nature, but it shouldn't be too difficult > to implement such permissions in *nix VFS using e.g. a database of md5sums > of trusted binaries. Of course, scripts would need a little extra work.
I think SELinux does what you want, except that it uses file labels instead of checksums.
