On Wed, Nov 24, 2004 at 07:50:59AM +0200, Ognyan Kulev wrote:
James Youngman wrote:
On Mon, Nov 22, 2004 at 06:05:43PM -0800, Martin Buchholz wrote:
Unlike replacing directories with symlinks, where the malicious
possibilities are evident, I don't see any malicious possibilities
arising out of mounted filesystems replaced by other filesystems.
Is there a consensus agreeing with this point of view? If so, that
would make the implementsation much simpler...
This is not valid in GNU Hurd where it's natural translators to be set up
on file/directory by ordinary user. (Translators are user-space programs
that handle filesystem requests. st_dev/st_fsid is translator's PID and
"automounted" filesystems are called passive translators.)
Hmm. The typical care we're considering is where root is running
"find" and an ordinary user is trying to persuade find to perform an
operation for him (e.g. delete a file which the user would not
ordinarily be able to delete). This is not a root versus ordinary
user issue, it's a user-1 versus user-2 issue.
I would have assumed that security considerations would require that
although ordinary Hurd users can set up translators, the translators
they've set up would no appear in other users' views of the
filesystem. If translators you've set up are invisible to me when I'm
running "find", they can't be used to compromise my security, can
they?
I'm afraid I'm not that familiar with Hurd, but ensuring that GNU find
works well on Hurd is obviously something that the FSF wants to do.