bug-hurd
Re: Passive versus active translators


From: Neal H Walfield
Subject: Re: Passive versus active translators
Date: Thu, 21 Jun 2001 23:48:02 -0500
User-agent: Mutt/1.3.18i

My point is that whether a translator is started by the filesystem or by
settrans, the behavior should be basically the same.

> >     o Current working directory
> >             - settrans: user's current working directory
> >             - libfshelp: the directory in which we find the
> >               translator.
> In the case of settrans it is logical to set the cwd of the translator
> to the user's current cwd like for any other program the user runs. And
> as for the second case, there's not much choice but to start the
> translator in the directory of the node. And it also makes sense,
> think relative symlinks.

I do not see how this makes sense.  I see how it is logical; however, it
is misleading.  Consider the following:

        # settrans -cap ~/foo /hurd/isofs cdimage

The active translator will start, however, once it is stopped, the
filesystem will not be able to restart it.  In this scenario, guessing
from the `-ap', the user likely wants to make sure that the translator
is set up correctly and then wants to forget about it.

> >     o User ids
> >             - settrans: The euid and egid of the user that launched
> >               settrans.
> >             - libfshelp: The uid and gid of the node.
> The user might not always (unlike root) have the ability to change
> the euid and egid of a process to those of an arbitrary node.
> So the translator has to be started with the privileges of the
> user.

Not true; make settrans suid root.

> And if a passive translator is started up with the
> privileges of the user that wakes it up, it would be impossible
> to implement some things that translators do already. For example
> a filesystem translator has to run with the privileges of the
> underlying node, otherwise it would be unable to write any data
> to store-nodes which have root-only write permissions.

I am not suggesting this at all.  This is what I am trying to
communicate:

        # cd
        # sudo settrans -acp foo /hurd/ext2fs /dev/hd0s2

ext2fs is launched as root.root.  However, the passive translator will
run as root.neal (as my home directory is neal.neal).  Now, because the
Hurd has group leaders, I will be considered an owner of the translator.

The active translator should be started with the same ids that the
passive translator will be started with.
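
The two start-up contexts compared in this message, modelled as an added example that is not part of the original post and is not Hurd code: it only encodes the rules quoted above (settrans uses the invoker's cwd and euid/egid, libfshelp uses the node's directory and the node's uid/gid) and reports where an active start and a later passive restart would diverge. The paths and the numeric ids (0 for root, 1000 for neal) are constructed assumptions.

```python
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class StartContext:
    cwd: str
    uid: int
    gid: int


def active_context(invoker_cwd, euid, egid):
    # settrans -a: translator inherits the invoking user's cwd and effective ids.
    return StartContext(invoker_cwd, euid, egid)


def passive_context(node_path, node_uid, node_gid):
    # libfshelp: translator starts in the node's directory with the node's ids.
    return StartContext(posixpath.dirname(node_path), node_uid, node_gid)


def divergences(argv, active, passive):
    """Return (kind, active_value, passive_value) for every mismatch."""
    findings = []
    if (active.uid, active.gid) != (passive.uid, passive.gid):
        findings.append(("ids", f"{active.uid}.{active.gid}",
                         f"{passive.uid}.{passive.gid}"))
    for arg in argv:
        if arg.startswith("/") or arg.startswith("-"):
            continue  # absolute paths and options do not depend on cwd
        a = posixpath.normpath(posixpath.join(active.cwd, arg))
        p = posixpath.normpath(posixpath.join(passive.cwd, arg))
        if a != p:
            findings.append(("path:" + arg, a, p))
    return findings


# Constructed case 1: settrans -cap ~/foo /hurd/isofs cdimage, run from a
# directory other than the one holding the node.
ISOFS = divergences(["/hurd/isofs", "cdimage"],
                    active_context("/home/neal/images", 1000, 1000),
                    passive_context("/home/neal/foo", 1000, 1000))

# Constructed case 2: sudo settrans -acp foo /hurd/ext2fs /dev/hd0s2, where
# the node ends up owned root.neal as the message describes.
EXT2FS = divergences(["/hurd/ext2fs", "/dev/hd0s2"],
                     active_context("/home/neal", 0, 0),
                     passive_context("/home/neal/foo", 0, 1000))

if __name__ == "__main__":
    for name, result in (("isofs", ISOFS), ("ext2fs", EXT2FS)):
        print(name, result)
```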
