help-hurd

Re: If QNX is successful, why NOT GNU Microkernels


From: Olivier Galibert
Subject: Re: If QNX is successful, why NOT GNU Microkernels
Date: Tue, 27 Jan 2004 12:25:24 +0100
User-agent: Mutt/1.4.1i

On Tue, Jan 27, 2004 at 09:24:37AM +0100, Marcus Brinkmann wrote:
> On Wed, Jan 21, 2004 at 07:28:10PM +0100, Olivier Galibert wrote:
> > What are these other things, apart from the passive translators[1]?
> > [1] Very nice, but also lacking a working security model.
> 
> We have a working security model, thank-you-very-much (note: the current
> implementation has its own flaws, but we know the fix to all known-flaws).
> If you have any particular criticism, please say it out loud.

Well, the main questions I see that I was unable to find a good answer
about last time I looked were:

- when doing a find, how do you recognize a translator you want to
  follow from one you don't, especially since it varies depending on the
  reason for the find.  Think local disk mounting vs. ftp mount
  vs. firmlink vs. cvs mount.  Also, the system administration can
  very easily make loops by mistake if you allow multiple translators
  for the same on-disk filesystem.  And if you don't it's an extremely
  useful capability you lose.

- what happens to translators through nfs or other networked
  filesystems

- who runs a translator, with what environment (very important with
  shared libs), with what parameters (if any).  And what can it say
  about the files it serves (setuid, file owners, other
  translators...)

That's from the top of my head.  I failed to find a document that
analyzed the security implications of translators and what was done to
take care of them.  Maybe I just didn't look in the right place.  That
kind of question is not answered reasonably in the monolithic kernel
world though, afaict.

  OG.




