Re: [Bitcoin-development] BitCoin and MinorFs/AppArmor
My efforts on MinorFs2 have been stalled for a large period of time (resulting from the fact that I was writing it in Python and Google pulling the plug on its codesearch server showed me that Python was a language that I hadn't sufficiently mastered. Recently, after almost a year of reluctance at starting from scratch, I finaly set myself to rewriting what I had done so far in C++ and to continue development. Yesterday I've also started at a library for making the usage of MinorFs by applications like Bitcoin more convenient. The idea is that LibMinorFs will become a simple to use library for making applications MinorFs2-aware. I would like to ask if the bitcoin developers would be open to using this library within bitcoin for making BitCoin MinorFs2 aware, allowing it to store things like the BitCoin purse in a private directory that is not available to other unrelated (potentially trojan) processes running under the same uid. The API is defined in the inc/minorfs/ directory and the usage shown in src/testmain.cpp https://github.com/pibara/LibMinorFs2 Both the library and the filesystems are still far from being done, but I would like to know if you guys would be open to a pull-request that would incorporate a copy of this library into Bitcoin, making BitCoin use private storage when available, implemented using the above API. Please let me know what you think. Rob On Fri, August 26, 2011 08:48, Rob Meijer wrote: A few years ago I wrote a least authority based set of filesystems named MinorFs that worked closely together with AppArmor (suse/ubuntu) to give ' pseudo persistent processes' their own private but decomposable and delegatable piece of filesystem storage: http://www.linuxjournal.com/magazine/minorfs http://www.capibara.com/blog/2011/05/25/taming-mutable-state-for-file-systems/ Currently there is only one perfect fit for MinorFs and that's the stack AppArmor/MinorFs/E-language-persistent-application. There are some close fits like running ssh without a passphrase ( http://minorfs.polacanthus.net/wiki/Ssh_private_keys_without_passphrase ) but these require lots of manual fiddling by the user to get working. The ssh trick would probably work with bitcoin, but as you can see from the link above, it would be rather cumbersome. I am trying to get specs together for rewriting MinorFs (in Python) in a way that would make it easy and natural for application developers that want their application to be able to protect user data (like bitcoin wallets) from mallware running under the same uid as that user. Currently minorfs granularity is hard fixed to that of the 'pseudo persistent process', and that granularity is determined as described in the following link: http://minorfs.polacanthus.net/wiki/Pseudo_persistent_process When using pseudo persistent processes, you basically end up with file-system storage that follows almost all of the modeling principles of the object capability model. This is great when designing a least authority program from scratch and writing it in the (object capability) e-language using its persistence facilities. Given however that I don't expect bitcoin, openssh, chrome, firefox, or any other application that would benefit from what MinorFs provides to be rewritten in E, it seems like the next version of MinorFs should give up on the purity of its least authority model, and take an approach that better suits common development languages and practices. With bitcoin being a project that could benefit most from what MinorFs has to offer, I would like to ask bitcoin developers to think about what attributes from the current granularity level (pseudo persistent process) should be kept, what attributes should be dropped, and what properties should be added to arrive at an 'id' that is the best fit for granularity of persistent private storage for bitcoin. I really want to accommodate bitcoin developer needs in this, so all input that helps me help you guys to get the next MinorFs version to accommodate your needs to a level that code to use MinorFs where available can be added to bitcoin, would be extremely welcome. Let me know what you think, Rob -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video
Re: [Bitcoin-development] BitCoin and MinorFs/AppArmor
On Fri, Sep 2, 2011 at 8:32 PM, Rob Meijer capib...@xs4all.nl wrote: Given that there was not a single response to my post, I gather there is no to little interest in an updated MinorFs that could be used by bitcoin on systems that support AppArmor (Ubuntu and OpenSuse). Oh yes there is interest. I meant to reply but haven't been able to put much energy in bitcoin development lately. More strict privilege seperation between applications on a least-authority basis is something that Ubuntu is certainly going to need if they're serious with the app store thing (and want to keep up with Android and Macosx...). This has been needed for a long time, and this would be useful for any private data managed by applications running as the same user (ssh, browsers, pgp, ...) Wallet encryption is useful and necessary but no substitute for OS-level protection. Nevertheless I've put down the initial set of specs for a rewrite of MinorFs for if anyone would like to comment on them to make a future match with Bitcoin more likely, I'm open to all sugestions: http://minorfs.polacanthus.net/wiki/Concepts_for_MinorFs2 You have to rewrite the entire thing from scratch? This is probably blasphemy but: how can it be compared to the android model, with a UID per application/user, and thus layering the security on top of current UNIX/ACL permissions? Is another FS really needed? JS -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] BitCoin and MinorFs/AppArmor
Given that there was not a single response to my post, I gather there is no to little interest in an updated MinorFs that could be used by bitcoin on systems that support AppArmor (Ubuntu and OpenSuse). Nevertheless I've put down the initial set of specs for a rewrite of MinorFs for if anyone would like to comment on them to make a future match with Bitcoin more likely, I'm open to all sugestions: http://minorfs.polacanthus.net/wiki/Concepts_for_MinorFs2 On Fri, August 26, 2011 09:48, Rob Meijer wrote: A few years ago I wrote a least authority based set of filesystems named MinorFs that worked closely together with AppArmor (suse/ubuntu) to give ' pseudo persistent processes' their own private but decomposable and delegatable piece of filesystem storage: http://www.linuxjournal.com/magazine/minorfs http://www.capibara.com/blog/2011/05/25/taming-mutable-state-for-file-systems/ Currently there is only one perfect fit for MinorFs and that's the stack AppArmor/MinorFs/E-language-persistent-application. There are some close fits like running ssh without a passphrase ( http://minorfs.polacanthus.net/wiki/Ssh_private_keys_without_passphrase ) but these require lots of manual fiddling by the user to get working. The ssh trick would probably work with bitcoin, but as you can see from the link above, it would be rather cumbersome. I am trying to get specs together for rewriting MinorFs (in Python) in a way that would make it easy and natural for application developers that want their application to be able to protect user data (like bitcoin wallets) from mallware running under the same uid as that user. Currently minorfs granularity is hard fixed to that of the 'pseudo persistent process', and that granularity is determined as described in the following link: http://minorfs.polacanthus.net/wiki/Pseudo_persistent_process When using pseudo persistent processes, you basically end up with file-system storage that follows almost all of the modeling principles of the object capability model. This is great when designing a least authority program from scratch and writing it in the (object capability) e-language using its persistence facilities. Given however that I don't expect bitcoin, openssh, chrome, firefox, or any other application that would benefit from what MinorFs provides to be rewritten in E, it seems like the next version of MinorFs should give up on the purity of its least authority model, and take an approach that better suits common development languages and practices. With bitcoin being a project that could benefit most from what MinorFs has to offer, I would like to ask bitcoin developers to think about what attributes from the current granularity level (pseudo persistent process) should be kept, what attributes should be dropped, and what properties should be added to arrive at an 'id' that is the best fit for granularity of persistent private storage for bitcoin. I really want to accommodate bitcoin developer needs in this, so all input that helps me help you guys to get the next MinorFs version to accommodate your needs to a level that code to use MinorFs where available can be added to bitcoin, would be extremely welcome. Let me know what you think, Rob -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development