[Isolate-interest] Isolate root jail

Curt Cox ccox@tripos.com
Fri, 17 Sep 2004 09:28:14 -0500


> The main problem seems to be NT here.
As far as J2SE goes perhaps--what about J2ME?
More importantly, what can you accomplish via chroot that you can't do via a SecurityManager?

> A different approach could  be to modify the access rights of the Isolate
> and restrict access to a filesystem
Again, what can you restrict here that you can't restrict with a SecurityManager?
 
Java definitely needs a file system API.  I would love to be able to add support for NFS, CIFS, etc. to applications just by adding the right jars.
 
With that said, creating a filesystem dependency on isolates should be avoided unless absolutely necessary.  I doubt it is necessary.
 
The JSR is rather divided about whether JSR 203 is targeted for Tiger or Mustang, but at this stage Tiger seems a bit unlikely ;)
 
JSR 203: More New I/O APIs for the Java Platform ("NIO.2")
http://www.jcp.org/en/jsr/detail?id=203
