On Tue, Jan 27, 2004 at 09:24:37AM +0100, Marcus Brinkmann wrote: > On Wed, Jan 21, 2004 at 07:28:10PM +0100, Olivier Galibert wrote: > > What are these other things, apart from the passive translators[1]? > > [1] Very nice, but also lacking a working security model. > > We have a working security model, thank-you-very-much (note: the current > implementation has its own flaws, but we know the fix to all known-flaws). > If you have any particular criticism, please say it out loud.
Well, the main questions I see that I was unable to find a good answer about last time I looked were: - when doing a find, how do you recognize a translator you want to follow from one you don't, especially since it varies depending on the reason of the find. Think local disk mouting vs. ftp mount vs. firmlink vs. cvs mount. Also, the system administration can very easily make loops my mistake if you allow multiple translators for the same on-disk filesystem. And if you don't it's an extremely useful capability you lose. - what happens to translators through nfs or other networked filesystems - who runs a translator, with what environment (very important with shared libs), with what parameters (if any). And what can it say about the files it serves (setuid, file owners, other translators...) That's from the top of my head. I failed to find a document that analyzed the security implications of translators and what was done to take care of them. Maybe I just didn't look in the right place. That kind of questions is not answered reasonably in the monolithic kernel world though, afaict. OG. _______________________________________________ Help-hurd mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/help-hurd
