At Thu, 13 Oct 2005 11:15:21 +0200, Alfred M Szmidt wrote: > > Actually, any kind of security would already be good enough for me. > > Then why not `not use chroot(), and use sub-hurd'?
Why not use a second machine? As I said previously, I want security while sharing selectively. > I read your other mail in response to mine. I see many claims in > it, but no arguments. Thus, I can't response beyond what I already > said on the issue, which I won't repeat. > > I don't see any claims in my messages. Maybe you should reread it, > and the previous ones. One of the claims is that chroot() is insecure. But it's not chroot() that's insecure in todays systems, it's the rest of the system that is. In fact, this goes double for the Hurd: The chroot() itself works. Shadow parents on directory capabilities work. It's the rest of the system that leaks the authority, not the reparented directory. This is not a play with words. I am not trying to have a discussion about chroot(). I am trying to have a discussion about the rest of the system. You keep ignoring that topic. The best you can offer is to use a completely different system, which works, and often is an acceptable solution on purely practical terms, but offers no insight whatsoever into the question how to be secure _and_ share. Thanks, Marcus _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
