An interesting approach to providing operating-system structuring support for security against received data objects that become active (that is, executable).

The current default is that such active objects execute with the full permissions of the user who received them.

This system provides support for running these objects with a smaller (minimal?) set of permissions, only those needed to carry out their task.

It seems potentially problematic to correctly assign and maintain all of these sub-user ids, and likewise to get the permission set right for each one. Is this trading one problem for another?
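To make the tradeoff concrete, here is a small constructed model (added here; not the paper's implementation) of the scheme under review: an active object runs either as the full user or as a sub-user id that holds only a task-scoped subset of the user's permissions. The principal names, permission strings and the object's requests are all made up for illustration.

```python
from dataclasses import dataclass

# Constructed model: a principal (user id or sub-user id) with the
# permission set it may exercise. Permission strings are illustrative.
@dataclass(frozen=True)
class Principal:
    name: str
    perms: frozenset

def derive_sub_user(parent: Principal, name: str, needed) -> Principal:
    """Create a sub-user id holding only the permissions a task needs.
    Invariant: a sub-user never holds a permission its parent lacks."""
    needed = frozenset(needed)
    extra = needed - parent.perms
    if extra:
        raise PermissionError(f"{name}: cannot grant {sorted(extra)} beyond {parent.name}")
    return Principal(name, needed)

def run_active_object(requested, principal: Principal):
    """Simulate executing a received active object: each operation it
    requests is checked against the principal it runs as.
    Returns (allowed, denied) in request order."""
    allowed = [op for op in requested if op in principal.perms]
    denied = [op for op in requested if op not in principal.perms]
    return allowed, denied

# Constructed sample: a user, and an active object (say, a received
# document with embedded code) that asks for more than its task needs.
USER = Principal("alice", frozenset({"read:inbox", "read:doc", "write:doc", "write:home", "net:send"}))
OBJECT_REQUESTS = ["read:doc", "write:doc", "write:home", "net:send"]

def default_execution():
    # Current default: the object runs with the full user permissions.
    return run_active_object(OBJECT_REQUESTS, USER)

def sub_user_execution():
    # Proposed scheme: run as a sub-user id scoped to viewing/editing the document.
    viewer = derive_sub_user(USER, "alice.docviewer", {"read:doc", "write:doc"})
    return run_active_object(OBJECT_REQUESTS, viewer)

def stale_sub_user_execution():
    # The maintenance problem: a sub-user whose permission set was never
    # updated when the task grew to need write:doc now blocks legitimate work.
    viewer = derive_sub_user(USER, "alice.docviewer", {"read:doc"})
    return run_active_object(OBJECT_REQUESTS, viewer)

def over_grant_rejected() -> bool:
    # A sub-user id can never be given more than its parent user holds.
    try:
        derive_sub_user(USER, "alice.admin", {"read:doc", "admin:all"})
    except PermissionError:
        return True
    return False

if __name__ == "__main__":
    print("default :", default_execution())
    print("sub-user:", sub_user_execution())
    print("stale   :", stale_sub_user_execution())
```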