l4-hurd

Re: Hurdish applications for persistence


From: Bas Wijnen
Subject: Re: Hurdish applications for persistence
Date: Fri, 14 Oct 2005 14:44:49 +0200
User-agent: Mutt/1.5.11

On Thu, Oct 13, 2005 at 11:49:49AM -0400, Jonathan S. Shapiro wrote:
> On Thu, 2005-10-13 at 11:48 +0200, Bas Wijnen wrote:
> > On Wed, Oct 12, 2005 at 09:21:24PM -0400, Jonathan S. Shapiro wrote:
> > > Umm, guys? Chroot() was a late bolt-on to UNIX that attempted to provide
> > > a best-effort approximation to confinement in a system where it was way
> > > too late to do the real thing.
> > > 
> > > There may be a good reason to copy a known bad quick patch when we now
> > > have a better solution, but could somebody explain it to me?
> > 
> > Because we want POSIX, of course.  However, in this case I would suggest a
> > different solution: Provide chroot, but let it fail unless an environment
> > variable or something is set...
> 
> Please let us know what you think of the Korn/Gansner approach as an
> alternative. I think it's cleaner.

It would definitely be cleaner, but I think it doesn't solve all problems.
Even when we solve the passive translator problem (say, by dropping them and
making a persistent system), there are still active translators.

If the chrooted filesystem contains an active translator, it will (correctly)
have a different root.  This can be used to construct communication channels,
but I feel it would also generate accidental channels.

Of course there is no danger of a chrooted task abusing it, as active
translators started by it will be chrooted as well.

I'm not sure if this really would become a problem, it's just intuition.

Anyway, a chroot with the Korn/Gansner approach sounds much better than what I
suggested, I'm just not sure if we shouldn't still recommend to not use it
(which is a sentence with far too many negations, sorry about that).

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

Attachment: signature.asc
Description: Digital signature

