Clever idea; however, keep in mind that you are trusting both your file system permissions to be sane and your kernel to enforce them correctly (i.e. not have bugs). A lot of projects have tried to do this (i.e. SELinux, TrustedBSD) and it turns out to be surprisingly hard to build isolation policies that are usable and practical. I think one very cool solution recently has been Qubes: it runs each application in its own, temporary VM and provides secure UI magic for file opening, clipboard, etc.
Reusing Unix user IDs as application IDs is an excellent idea, and it has worked reasonably well in Android so far. Good to see this being applied to X/desktop.
This is clever. It's not running code as a random user on your system, but rather as a random non-existent user ID.

This has the effect of denying lots of privileges to whatever software is being run.
I liked this idea so much that I made an improvement: Instead of running a user-specified command, it runs a randomly chosen command as a randomly chosen[0] user!

https://github.com/nickodell/rarucmd/tree/master

(Don't run this on a system you care about.)

[0] Randomness may vary.
From looking around an Android device via ssh a long time ago (still in the "wow, Linux on my phone" phase), I remember that all apps that are installed also have their own user installed. Access to various resources was then done via the groups that user is in. But of course then there is no real "main" user and, multi-user-wise, it is back to Win95 level. I assume that has not changed much.

And back when the first commercial games for Linux came out, I did not want to trust binary-only executables and added a user plus a script so I could run anything via passwordless sudo, and then did and still do the same for my web browsing. Since these have their own ~, the data is persistent, but for something you totally do not trust raru looks nice.

This of course requires root access; automatic /home/me/home2 (or /home/me_home2) generation with optional persistence and isolation might be a next step. But I have no idea what the current state of more fine-grained control via cgroups etc. is. It is probably more complex than the tried and trusted method of just adding another user.

But what I still miss (and never really looked at) is an ACL or similar system to make the game or web user completely transparent/subordinate to my main user, meaning I can read, write and take ownership of any files of these sub-users but they have to obey standard permissions wrt. my files.
Check out http://ccl.cse.nd.edu/research/subid/ (Ctrl+F for sub-identities).

Disclaimer: roughly what this project does was the topic of my (somewhat silly) master's thesis. I even did roughly the same X11 nesting, and I took it a little farther and made a kernel module that lets "parent" identities behave as "effectively root" to their child identities.
Won't this cause any files/folders created by the process to be owned by said random UID? Seems like a great way to litter your filesystem with unreadable files/folders.
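To make the technique discussed in this thread concrete, here is a minimal raru-style launcher written as an added example; it is not raru's own code and it reuses none of it. It picks a random UID that has no entry in the passwd database, gives the child its own scratch HOME owned by that UID, executes the command with privileges dropped, and afterwards hands every file the child left behind back to the invoking user, which is one answer to the ownership-litter concern raised in the last comment and to the earlier wish to be able to reclaim sub-user files. Assumptions, all mine: the UID range 100000..1000000 is free for this purpose, the GID is simply mirrored from the UID, and the launcher is run as root (switching identity fails otherwise).

```python
"""Run a command as a random, unallocated UID with a reclaimable scratch home.

Added example, not the raru project's code. Requires root to switch identity.
"""
import os
import pwd
import random
import shutil
import subprocess
import sys
import tempfile

UID_LOW, UID_HIGH = 100_000, 1_000_000  # assumed free range, above normal accounts


def allocated_uids():
    """Return the set of UIDs that exist in the passwd database."""
    return {entry.pw_uid for entry in pwd.getpwall()}


def pick_unused_uid(used, low=UID_LOW, high=UID_HIGH, rng=random.SystemRandom()):
    """Pick a random UID in [low, high] that is not in `used`.

    The range is checked up front so a fully allocated range raises instead
    of looping forever.
    """
    free = high - low + 1 - sum(1 for u in used if low <= u <= high)
    if free <= 0:
        raise RuntimeError("no unallocated UID in range")
    while True:
        uid = rng.randint(low, high)
        if uid not in used:
            return uid


def reclaim(path, owner_uid, owner_gid):
    """Chown everything under `path` back to the invoking user.

    Returns the number of entries changed. Without this step, files the
    sandboxed process created stay owned by a UID nobody can log in as.
    """
    count = 0
    for root, dirs, files in os.walk(path):
        for name in dirs + files:
            os.lchown(os.path.join(root, name), owner_uid, owner_gid)
            count += 1
    os.chown(path, owner_uid, owner_gid)
    return count


def run_as_random_uid(argv, keep_home=False):
    """Run argv under a random unused UID/GID with a private scratch HOME."""
    uid = pick_unused_uid(allocated_uids())
    gid = uid  # assumption: use the same number as a private GID
    owner_uid, owner_gid = os.getuid(), os.getgid()
    home = tempfile.mkdtemp(prefix=f"raru-{uid}-")
    os.chown(home, uid, gid)
    os.chmod(home, 0o700)

    def drop():
        # Runs in the child before exec. Order matters: supplementary groups,
        # then GID, then UID; once the UID changes the rest cannot be undone.
        os.setgroups([])
        os.setresgid(gid, gid, gid)
        os.setresuid(uid, uid, uid)

    env = {
        "HOME": home,
        "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
        "USER": f"raru-{uid}",
    }
    try:
        proc = subprocess.run(argv, preexec_fn=drop, env=env, cwd=home)
    finally:
        # Hand the scratch home back so nothing unreadable is left behind.
        reclaim(home, owner_uid, owner_gid)
        if not keep_home:
            shutil.rmtree(home)
    return proc.returncode


if __name__ == "__main__":
    sys.exit(run_as_random_uid(sys.argv[1:] or ["id"]))
```

Run as root with the command to sandbox as arguments, e.g. `sudo python3 launcher.py id`; the `id` output shows the random UID/GID and no supplementary groups. Pass `keep_home=True` if the child's files should survive (they will already be owned by you), and note that this only isolates by file ownership: anything world-readable or world-writable on the system is still reachable, which is the limitation the first comment points at.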