I think that FUSE would not be used for sharing capabilities, so I don't see it as a problem. ---- - Think carefully.
On Wed, Feb 2, 2011 at 5:41 PM, Chris Palmer <[email protected]> wrote: > Brian Warner writes: > > > My problem with FUSE as the primary entry point is that it loses the > whole > > least-authority model. The POSIX filesystem APIs don't expose things like > > retrieving a dircap for the subdirectory that you want to share with a > > friend, so the easiest thing to do is to share your whole rootcap with > > somebody, the equivalent of sharing passwords from the bad-old-days. It > > also doesn't let you write programs that are restricted to interacting > > with just a subset of your filesystem, so all the usual Confused Deputy > > vulnerabilities are still around. > > Well, a WUI is no way to solve the confused deputy problem. :) > > > -- > http://noncombatant.org/ > > _______________________________________________ > tahoe-dev mailing list > [email protected] > http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev >
_______________________________________________ tahoe-dev mailing list [email protected] http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
