Re: Niches for the Hurd: evaluation method; was: DRM musings, capabiliti

From: olafBuddenhagen
Subject: Re: Niches for the Hurd: evaluation method; was: DRM musings, capabilities and stuff
Date: Mon, 22 Dec 2008 01:58:09 +0100
User-agent: Mutt/1.5.18 (2008-05-17)


On Thu, Dec 18, 2008 at 04:03:39PM +0100, Michal Suchanek wrote:
> 2008/12/18  <olafBuddenhagen@gmx.net>:

> I find persistence and a storage mechanism that works well with it quite
> useful.

Well, *we* don't find EROS-like persistence useful for our purpose. I
never found it useful, as you might remember; and Marcus, who was
advocating it for a while, finally came to the very same conclusion.
(After stumbling over some site with various articles explaining the
issues much better than I can.)

I'm not sure about Neal's current stance.

> I also do not see why you want to throw away secure IPC

We don't want to throw away secure IPC.

EROS/Coyotos doesn't have a monopoly on secure IPC, though. Its fully
synchronous IPC is not suitable for us -- even Shapiro admitted this;
and while he backed out the changes from Coyotos again (don't know the
specific reasons), Marcus and Neal still think that a partially
asynchronous mechanism is more useful for us.

> and resource management

The main idea behind Neal's resource management work is that
applications should be involved, which is in direct opposition to
Shapiro's approach.

> As I said numerous times hiding things from child process can be
> turned into hiding things from parent process.

No, you didn't -- at least not on-list. All you did so far was
repeatedly assert that any security automatically means being able to
hide anything, without anything to back this assertion.

> After all, your login shell is normally started by some other service
> which has all the power to hide things from it.


> The only difference we are discussing round and round is whether this
> service is configured to possibly hide something from all shells or if
> there is a 'root' shell that can access everything.

No idea what you mean.

All processes started by the user are descendants of the user's session,
and thus the user has full control over them.

Perhaps you mean that the implementation of the user session itself
could be treacherous, which is of course true -- but again, this
requires the admin to actively take part in the treachery. It's not
something implicitly provided by the standard system mechanisms.

> > Everything that was said about a POSIX layer for Coyotos (or a
> > Coyotos-like ngHurd) implies a distinct POSIX environment, which
> > allows running existing applications in some kind of jail, pretty
> > much isolated from the "native" environment with new applications.
> > This is not acceptable IMHO. The Hurd allows running traditional and
> > new applications *in the same environment*. This is what makes it
> > attractive to me.
> Since all applications would be run each in its own jail by default I
> do not see anything wrong with that.

Everything is wrong with that.

I do not want a system which has one part that is essentially UNIX for
"legacy" software, and another part that is something completely
different for the Brave New World. What I want is a system with only one
integral part -- being mostly UNIX-compatible and UNIX-like by default,
and yet offering many new possibilities; more generally, giving the user
much more control over the environment.

This is what the Hurd provides.

