Here are some thoughts (I'm curious) on security subsystems that could be
implemented in Minix.

- Policy-Based Security. Think Mandatory Access Control, SELinux or
grsecurity or RSBAC type stuff. Server X can do Y, process X can do Y,
etc. This should be implemented such that I can control servers AND
user-level processes; it will probably require reading stuff through
the VFS and such.

- Memory protection control. I want to slide a server in that
prevents specific types of memory protection changes and mappings in
servers and processes, unless policy allows otherwise. See PaX, or
(draft document)
http://bluefox.kicks-ass.org/stuff/b...m_twoproc.html section
on Attack Model.

- Address space layout randomization. As I understand, Minix allows
services to control their own memory space. How the heck could you
slip memory space randomization in there in a general architecture?

There are other things I'm thinking about (auditing; syscall shaping
and process homeostasis re http://www.scs.carleton.ca/~soma/pH/ papers;
etc) but that kind of thing can be thought of later.

I'm simply academically interested. I know, for example, that long ago
someone said that to prevent the complexities of fine-tuned general
memory managers, Minix could (does?) let each server handle its own
memory management; how the heck do you implement the second and third
items up there like this? I also know that policy-based security would
be another server; how would you force operations in one server to go
through the policy server? How would you even get policy to the kernel
before the file system is up (initrd-type mechanism re. Linux?)?
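To make the second item concrete, here is an added example (not code from the post or from Minix) of the decision a protection-control server could make on each mprotect-style request: PaX-like rules that refuse writable+executable mappings and refuse to let a page be both writable and executable over its lifetime, unless the per-process policy record grants an exemption. The protection bits, `struct proc_policy` and `struct page_state` are all constructed for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed protection bits, modelled on mmap/mprotect flags. */
enum { P_READ = 1, P_WRITE = 2, P_EXEC = 4 };

/* What a policy server could hand out per server/process (constructed). */
struct proc_policy {
    const char *name;
    bool allow_wx;   /* exemption: may mix write and execute (e.g. a JIT) */
};

/* Per-page history: the check cares what the page has EVER been, not just what it is now. */
struct page_state {
    int  prot;
    bool ever_writable;
    bool ever_exec;
};

/* Mediate one protection change. Returns true if the request is allowed and applies it;
 * on denial the page is left untouched and *reason names the violated rule. */
bool check_prot_change(const struct proc_policy *pol, struct page_state *pg,
                       int new_prot, const char **reason)
{
    bool wants_write = (new_prot & P_WRITE) != 0;
    bool wants_exec  = (new_prot & P_EXEC)  != 0;

    if (!pol->allow_wx) {
        if (wants_write && wants_exec) {
            *reason = "W+X mapping denied"; return false;
        }
        if (wants_exec && pg->ever_writable) {
            *reason = "formerly writable page may not become executable"; return false;
        }
        if (wants_write && pg->ever_exec) {
            *reason = "formerly executable page may not become writable"; return false;
        }
    }
    if (wants_write) pg->ever_writable = true;
    if (wants_exec)  pg->ever_exec = true;
    pg->prot = new_prot;
    *reason = "allowed";
    return true;
}

int main(void)
{
    struct proc_policy strict = { "fs-server", false };   /* constructed sample */
    struct page_state  pg = { P_READ | P_WRITE, true, false };
    const char *why;
    bool ok = check_prot_change(&strict, &pg, P_READ | P_EXEC, &why);
    printf("%s: rw->rx %s (%s)\n", strict.name, ok ? "allowed" : "denied", why);
    return 0;
}
```

An audit record of each denial would be the natural hook for the auditing item mentioned above.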