| Plash: tools for practical least privilegeDownloading and installing Plash |
Packages are available for three distributions on i386. To install using APT, add one of the following lines to your /etc/apt/sources.list file:
For Debian Etch and Debian unstable/sid (using glibc 2.3.6):
deb http://plash.beasts.org/packages/debian-etch ./
For Debian Sarge (using glibc 2.3.6; Python and Gtk support not included):
deb http://plash.beasts.org/packages/debian-sarge ./
For Ubuntu Edgy Eft (using glibc 2.4):
deb http://plash.beasts.org/packages/ubuntu-edgy ./
And then do:
apt-get install plash
Debian source packages can be downloaded using APT, by adding one of the lines above to sources.list along with the corresponding deb-src line. For example:
deb http://plash.beasts.org/packages/ubuntu-edgy ./ deb-src http://plash.beasts.org/packages/ubuntu-edgy ./
Since Plash builds a modified version of glibc, it requires a copy of the glibc source. The glibc source tarball is not included in the Plash source package, but in a separate binary package such as glibc-source-2.5. This and other build dependencies will be installed by doing:
apt-get build-dep plash
Get the source package with:
apt-get source plash
and build with:
dpkg-buildpackage -rfakeroot -b -D
Build glibc:
./build-glibc.sh 2.5 unpack configure build build_extra
Plash can be built against glibc 2.5, 2.4 or 2.3.6. Replace "2.5" above with the glibc version you want. Note: glibc 2.4 dropped support for Linux 2.4 and earlier, hence Plash's support for glibc 2.3.6.
The glibc source tarballs must be present. The script looks for them in the current directory and in /usr/src, and will suggest files to download if it does not find them. You will probably need one of the following:
Building glibc is the most resource-intensive step. It uses about 100 Mb of disc space, and takes 13 minutes on an Athlon XP 3200 machine. Note that if you are getting a new revision of Plash by doing "svn update", glibc usually does not need to be re-built.
If you have checked out the source from Subversion (rather than downloading a tarball), the "configure" script will not be present. You will need to install autoconf and run:
autoconf
Build Plash itself:
./configure GLIBC_DIR=glibc-2.5-objs ./make.sh
(again, replace "2.5" with your desired glibc version).
To install Plash, run the following command as root:
./install.sh /
The Subversion repository contains multiple versions of the debian packaging scripts. By default, "debian" is a symlink pointing to "debian-etch", but it can be changed to point to "debian-sarge" or "debian-edgy". The script "make-deb-src-pkg.sh" can create source packages for all three variants in one go.
Bleeding-edge versions of Plash are available from the Subversion (SVN) repository, which is hosted by gna.org.
Checkout over SVN protocol (TCP 3690):
svn co svn://svn.gna.org/svn/plash/trunk plash
Checkout over http:
svn co http://svn.gna.org/svn/plash/trunk plash
| Version | Files | Description of main changes |
|---|---|---|
| Version 1.17 (23rd December 2006) |
|
Add Python bindings for Plash object interface. Add cow_dir (layered/copy-on-write directories). Add -e option to pola-run. Update to build with glibc 2.3.6, 2.4 and 2.5. Improved Debian packaging. |
| Version 1.16 (15th March 2006) |
|
Rewrite Powerbox for Gtk: now inherits from GtkDialog and so works with more applications. Overhauled documentation and build/install process. |
| Version 1.15 (12th December 2005) |
|
Added Powerbox for Gtk. Fixes to allow Konqueror and Gnumeric to run. |
| Version 1.14 (9th November 2005) |
|
Added powerboxes. |
| Version 1.13 (6th October 2005) |
|
Much-improved build system. |
| Version 1.12 (19th September 2005) |
|
Initial version of pola-run. Fixed gc-uid-locks race conditions. Include libm.so etc. in packages. |
| Version 1.11 (13th August 2005) |
|
Major new feature: Add plash-run-emacs tool. Made changes so that it's safer to run the shell as root. Documentation has been improved, and converted to DocBook format. |
| Version 1.10 (20th July 2005) |
|
Implemented fchdir(). "rm -r", "install -d" and "mkdir -p" now work. |
| Version 1.9 (10th July 2005) |
|
Changed implementation of file namespace construction. Now possible to add/replace entries in existing directories (without modifying the directory). |
| Version 1.8 (22nd May 2005) |
|
Overhauled build system for modified glibc. Add option for granting access to the X11 Window System (off by default). New mechanism for setting shell options. Added limited support for directory file descriptors, so that XEmacs works. |
| Version 1.7 (1st May 2005) |
|
Major new feature: executable objects. |
| Version 1.6 (18th January 2005) |
|
New argument syntax: "PATHNAME = EXPR", allowing objects to be attached anywhere in the file namespace. |
| Version 1.5 (7th January 2005) |
|
Add recursive read-only directories. Add example "chroot" program: first tool to use object-capability protocol. |
| Version 1.4 (4th January 2005) |
|
Implemented object-capability protocol. This is used as an additional layer in the communication between client and server. |
| Version 1.3 (29th December 2004) |
|
Better security: runs processes under dynamically-allocated user IDs rather than the user "nobody". Add globbing and file descriptor redirection to the shell. Implemented bind(), symlink(), utime(), rename() and link(). |
| Version 1.2 (18th December 2004) |
|
Fixed open64() and libpthread.so. Implemented pipes in the shell. Added "!!" syntax to shell. Added support for "#!" scripts. Added options window for enabling logging. |
| Version 1.1 (10th December 2004) |
|
Added job control to shell. |
| Version 1.0 (7th December 2004) |
|
First version. |