Update of "Experiment: mmmv_silkexec"
Overview

Artifact ID: 2eccfe9feb2e74fe0c5ffd7e91822843ef06afbf
Page Name: Experiment: mmmv_silkexec
Date: 2017-01-08 21:18:46
Original User: martin_vahi
Parent: ac3960e4162a877480fa8472966602be56340056 (diff)
Next 0918c21fd991c13dd8e2b2d817545f335f093246
Content

Currently no code for the mmmv_silkexec exists, but the development deliverables will be among the versioned files when they become available.


A mmmv_silkexec application is a wrapper for other applications, including other mmmv_silkexec applications. The purpose of the wrapping is to apply extra tags and user-specific configuration parameters when using the wrapped application.

The mmmv_silkexec project consists of the following tools:

mmmv_silkexec <full path of or a name on the PATH> <the command line args of the mmmv_silkexec application>

No technical solution is going to compensate for crappy work, because technical tools can be switched off or the original authors of software may leave edge cases out of consideration. The main ideas behind the mmmv_silkexec are: to allow the execution of only those mmmv_silkexec applications that have been tested and/or verified by trusted parties; the NixOS package manager idea that each application is executed in an environment where the LD_LIBRARY_PATH and the PATH have mmmv_silkexec application specific prefixes; limiting the reliance on operating system services to the UNIX standard, to give the mmmv_silkexec a chance to be ported to all operating systems that have the UNIX layer (Linux, BSD, GNU Hurd, Genode OS, Minix3); and that the mmmv_silkexec must be fully usable without having any root access.


Package Format

None of the mmmv_silkexec package standard file and folder names contain any spaces, tabulation characters or line breaks. All package configuration text files, the ones in the package etc folder, are preprocessed by removing all spaces, tabulation characters and single-line comments that start with either "#" or "//". After the single-line comment deletion step, all line breaks are deleted, except in list_of_immediate_dependencies.txt.

<relative ID as folder name>
    +--bin
    +--etc
    |    +--overriding_values_of_environment_variables   # the existence of this folder is optional
    |    |    |# all in this folder is optional
    |    |    +--LD_LIBRARY_PATH.txt
    |    |    +--PATH.txt
    |    |    +--CFLAGS.txt
    |    |    +--<other environment variables>
    |    |
    |    +--prefixes_of_environment_variables   # the existence of this folder is optional
    |    |    |# all in this folder is optional
    |    |    +--LD_LIBRARY_PATH.txt
    |    |    +--PATH.txt
    |    |    +--CFLAGS.txt
    |    |    +--<other environment variables>
    |    |
    |    +--list_of_immediate_dependencies.txt # Optional, if dependencies are not declared.
    |    |                                     # Otherwise one Silktorrent packet name per line.


Testing (Including Verification and Audits)

The executable mmmv_silkexec application must have only dependencies that have also been verified and/or tested by trusted parties. 

Different parties trust different other parties. Trust is a multidimensional value. A very kindhearted and not corrupt person can be totally untrustworthy from the point of view of their capabilities. On the other hand, sometimes, in some narrow contexts, enemies can be more trustworthy than friends. For example, enemies might have a good track record of fine skills and rigor, and they might use some component or software package in a role that is extremely critical security-wise, while being very rigorous in the construction of their software component.

Given that the only proper way to verify/review code is a fully automated way (archival copy), there has to be a way to subscribe to the testing/verification system of the trusted parties. To avoid a Denial of Service attack carried out by hacking into the testing/verification systems of one of the trusted parties, the local settings of the mmmv_silkexec should treat a test failure of a formerly accepted component as a timed warning, where the warning state moves to a blocked/failed state after a delay. The delay gives the trusted party time to handle the hack.
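
The delayed blocking described above, together with the dependency rule from the start of this section, as an added sketch; it is not mmmv_silkexec code, since the project has none yet. The names TrustRecord, record_report, state and may_execute and the 72-hour delay are assumptions, as are the choices that a component in the warning state may still run and that a component that was never accepted gets no delay.

```python
from dataclasses import dataclass
from typing import Optional

ACCEPTED, WARNING, BLOCKED = "accepted", "warning", "blocked"
GRACE_SECONDS = 72 * 3600  # assumed local setting; the page does not fix a delay


@dataclass
class TrustRecord:
    """Local view of one component's results from one subscribed trusted party."""
    ever_accepted: bool = False
    failing_since: Optional[float] = None  # time of the first failure in the current run


def record_report(rec: TrustRecord, passed: bool, now: float) -> None:
    """Apply one test/verification report received at time `now` (seconds)."""
    if passed:
        rec.ever_accepted = True
        rec.failing_since = None  # the trusted party's results are good again
    elif rec.failing_since is None:
        # Start the timer once. Repeated failure reports must not restart it,
        # otherwise a stream of failures would keep the component in "warning" forever.
        rec.failing_since = now


def state(rec: TrustRecord, now: float, grace: float = GRACE_SECONDS) -> str:
    """Return the local state of one component at time `now`."""
    if rec.failing_since is None:
        # No outstanding failure: usable only if some report ever accepted it.
        return ACCEPTED if rec.ever_accepted else BLOCKED
    if not rec.ever_accepted:
        return BLOCKED  # never accepted, so there is nothing to protect with a delay
    return WARNING if now - rec.failing_since < grace else BLOCKED


def may_execute(records: dict, now: float, grace: float = GRACE_SECONDS) -> bool:
    """An application runs only if it and every one of its dependencies are not blocked."""
    return all(state(r, now, grace) != BLOCKED for r in records.values())
```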