bug-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Hurd: what is it?


From: Marco Gerards
Subject: Re: The Hurd: what is it?
Date: Sat, 12 Nov 2005 20:45:14 +0100
User-agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux)

Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> writes:

> At Wed, 09 Nov 2005 21:54:52 +0100,
> Marco Gerards wrote:
>> 
>> Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de> writes:
>> 
>> > The active translator problem seems serious to me.  Without any
>> > guarantee about the implementation of a service, you can not know what
>> > it does.  This means that you must be prepared for any malicious
>> > behaviour, including: no response (stalling the client), infinite
>> > virtual directory tree, confusing inode numbers and link counts,
>> > rapidly changing filesystem structure (to trigger race conditions) etc
>> > etc.
>> >
>> > This is why in FUSE, users don't see the user filesystems of other
>> > users.  I am afraid that given the seriousness of the problem, this is
>> > the only sane option.  Only with a broader semantic framework can you
>> > re-enable sharing on a case by case basis.
>> 
>> This was discussed on bug-hurd before.  Doesn't the proposed solution
>> of making it possible for the user to configure which translators are
>> trusted and which are not?  For example, I could configure I only want
>> to follow translators set by root and myself.
>
> Yes, but it reduces the advantages of translators.  It defeats the
> design to some extent.

Only when you have multiple users that want to share a translator and
when they do not trust each other.  At the moment such multi user
systems are quite rare AFAIK.  More common is a system with a single
user who is also has the root password.

But I agree that is reduces the advantage of translators.  But I see
no way to completely fix that.

--
Marco





reply via email to

[Prev in Thread] Current Thread [Next in Thread]