[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Passive versus active translators

From: Igor Khavkine
Subject: Re: Passive versus active translators
Date: Fri, 22 Jun 2001 12:09:03 -0400

Neal H Walfield wrote:
> > > I do not see how this makes sense.  I see how it is logical, however, it
> > > is misleading.  Consider the following:
> > >
> > >     # settrans -cap ~/foo /hurd/isofs cdimage
> > >
> > > The active translator will start, however, once it is stopped, the
> > > filesystem will to be able to restart it.  In this scenario, guessing
> > > from the `-ap', the user likely wants to make sure that the translator
> > > is setup and correctly and then wants to forget about it.
> >
> > You're confusing the behavior of settrans with mount. If you do:
> My argument is that this will work when setting the active translator,
> however, it will not work with a passive translator.  Why?  Only because
> of the current working directory -- this has nothing to do with parsing
> the arguments to the translator.

Your argument rests on the fact that you want settrans and passive
to behave the same. I want settrans to be equivalent to launching a
and a passive translator to be equivalent to an automatic daemon
starting up.
With settrans you can lauch a translator and have it's cwd be your cwd.
can achieve the effect of a passive translator startup with:

        # cd ~; settrans -cap ~/foo /hurd/isofs cdimage; cd $OLDPWD

But if you make the default behavior to do this automatically you would
be able to do some things that you could before. Like:

        # cd ~; settrans -ca stuff/foo /hurd/logging_translator

> > > Not true; make settrans suid root.
> >
> > This would open up a whole flood of security risks.
> If the filesystem already has root privleges then no; you have the same
> problems setting the passive translator.

Refresh my memory, is a user with read only access to a file able to set
an active translator on that node?

> > but by no means should the default ones be
> > the same as the underlying node.
> This is how a passive translator works.

I still think there might be security risks involved.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]