[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Dazuko-devel] DazukoFS ignore device
|
From: |
John Ogness |
|
Subject: |
Re: [Dazuko-devel] DazukoFS ignore device |
|
Date: |
Fri, 07 Nov 2008 17:17:56 +0100 |
|
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.1 (berkeley-unix) |
On 2008-11-07, Lino Sanfilippo <address@hidden> wrote:
> would it make sense to you to extend the dazukofs.ign device in a
> way that a process is able to register other processes (i.e. by
> writing their pid to it)? I think that could be useful for
> applications that use a single process to manage the access
> permissions of other applications/processes.
I agree that it could be useful, but PID's are not very secure. The
Dazuko 2.x method of allowing child-processes to be trusted is
probably a better way to go.
I suppose writing something to the dazukofs.ign device could be used
to interpret if children should be ignored or not. However, that is
quite an expensive feature. For every file access, Dazuko(FS) must go
through the list of ignored processes and check if the accessing
process is a child of that process.
I am worried that dazukofs.ign will become the "rule" instead of the
"exception" for application developers. This is not something that we
should encourage.
I need to let this thought sit on my brain for a little while. Anyone
else have comments on this?
John Ogness
--
Dazuko Maintainer