On 01/09/2013 10:04:23 AM, Eric Paris wrote:
Getting an EPERM/EACCES in userspace really kinda blows. As a user
you
don't have any idea why you got it. It could be SELinux, it could be
rwx bits on the file, it could be a missing capability, it could be an
ACL, it could be who knows what.
Adding SELinux, ACL, and capabilities to systems made them so much
easier to comprehend, didn't it? (My definition of "secure" includes
understanding what the system is doing. Crazy, I know.)
We'd like to start figuring out the
who knows what and hopefully find a way to expose that to userspace.
Obviously the response to having too many mechanisms doing the same
thing (badly) is to add a management interface. Piled higher and deeper.
But maybe those great minds on the lists can help me think of ways to
get Friendlier denials that I haven't thought of. Please. What are
you
thoughts, concerns, issues?
-EPERM was about file permissions. For SELinux and disability bits and
whatever they're calling OS/2 extended attributes this week you need
-EBUREAUCRACY.
Ken Thompson had the insight "files are just a flat sequence of bytes"
about the same time he invented subdirectories. Bruce Horn shoehorned
icon data into the Lisa filesystem metadata because they hadn't
implemented subdirectories yet so they couldn't collate files that way,
and apparently standard archive formats like "ELF" and "zip/jar" simply
didn't occur to him. (Yes really:
http://folklore.org/StoryView.py?project=Macintosh&story=The_Grand_Unified_Model_The_Finder.txt
).
Copying Bruce's reversion of Ken's insight because Microsoft blindly
copied Apple and now Windows doesn't know how to live without this
crutch really doesn't fill me with confidence. Oh well, too late now...
-Eric
Rob--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/