James Carlson wrote: > Casper.Dik at Sun.COM writes: >> Project Synopsis: Enabling finer grained access control in OpenSolaris > [...] >> The current Solaris privilege model does not allow one >> to express policy requirements such as "only allow >> binding to port 80/tcp", "only allow read access to >> file <<foo>>" or "only allow write access under $HOME/.mozilla" >> for a particular process or set of processes. > > A big +1 from me. > > While you're doing that, though, please consider locating and ripping > out the various half-way schemes that have been implemented in lieu of > such a policy.
Do you have a list of some of those ? -- Darren J Moffat
