Restricting access to files to signed code is method to improve security by limiting code that can read, write or have full access to a given file.
This is a ticket is discusses this feature in more detail:
- Would restricting access to files be a useful?
- What level of sophistication would be required?
- Sufficient to simple restrict all access to signed code only?
- Access restriction to specified files only?
- Different gpg signatures to access different files?
- Ability to specify Read access only or full access?
- How would superfiles be treated?
- If superfile access is restricted, can individual component parts be accessed?
- If restriction is specified for an individual part of a superfile, would that restriction need to propogate to the super file
- Where would the restriction be enabled/specified? Dali?
- How would access restriction be maintained when accessed outside Thor: for example, through EclWatch, file spraying/despraying, various std.File operations?
- If signed file access restriction was available, how likely is it to be used?
|Codegen support for restricting files to signed code||Resolved||Unassigned|
|Allow access to files to be restricted to signed code||Resolved|