On Wed, 2011-02-02 11:10:13 -0800, Brian Warner <[email protected]> wrote:
> On 2/1/11 5:36 PM, Greg Troxel wrote:
> > Removal of CLI and WUI, and using only FUSE. This is the aspect I'm
> > most in favor of.
>
> My problem with FUSE as the primary entry point is that it loses the
> whole least-authority model. The POSIX filesystem APIs don't expose
> things like retrieving a dircap for the subdirectory that you want to
> share with a friend, so the easiest thing to do is to share your whole
> rootcap with somebody, the equivalent of sharing passwords from the
> bad-old-days. It also doesn't let you write programs that are restricted
> to interacting with just a subset of your filesystem, so all the usual
> Confused Deputy vulnerabilities are still around.

Well, the caps could be supplied as extended attributes?
MfG, JBG
--
Jan-Benedict Glaw [email protected] +49-172-7608481
Signature of: If it doesn't work, force it.
the second : If it breaks, it needed replacing anyway.
_______________________________________________
tahoe-dev mailing list
[email protected]
http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
