Re: Directories traversal (was Re: the deadly hypercube of death, or: ha

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Directories traversal (was Re: the deadly hypercube of death, or: ha

From:	Bas Wijnen
Subject:	Re: Directories traversal (was Re: the deadly hypercube of death, or: handling permissions)
Date:	Fri, 28 Apr 2006 13:52:57 +0200
User-agent:	Mutt/1.5.11+cvs20060403

On Fri, Apr 28, 2006 at 01:33:39PM +0200, Pierre THIERRY wrote:
> Scribit Bas Wijnen dies 28/04/2006 hora 12:12:
> > It's the other way.  /etc and /var don't exist, but we generate them
> > for POSIX applications (so they see them).  Different POSIX
> > applications may very well see different contents of the same
> > directory though.  Only for POSIX programs which spawned each other
> > must the tree be consistent.
> 
> That's interesting. I can only fear that it could be a step too large, a
> too big paradigm shift, for some users...
> 
> But maybe if it is very well explained, that won't be a problem.

For the user, the difference isn't that large.  The user still has his own
tree of files, and it doesn't change like it does between programs.  Programs
only get access to some of the files (or sometimes a subtree).  So it's a bit
strange for the programs.  But I'm sure they can handle it. :-)

It may be a bit strange for POSIX programs, though, since the "open file"
dialog will not show what the user expects.  It's probably a good idea to
patch those programs to make a library call which lets the user select the
file through his shell (just as a non-POSIX program would do it).  Or maybe
better, patch the toolkits.  So for example the Gtk+ FileSelectionDialog will
make that call.  Then the POSIX library will map the returned capability to an
arbitrary filename in the POSIX file system, and the program can use it.  The
user interface wouldn't change a lot, I suppose (except that Gtk+ can no
longer control the look of the dialog, but that's actually a good thing,
because it means that when it's compromised, it can't access files that you
didn't plan to give it a capability to).

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Directories traversal (was Re: the deadly hypercube of death, or: handling permissions), (continued)
- RE: the deadly hypercube of death, or: handling permissions, Christopher Nelson, 2006/04/27
  - Re: the deadly hypercube of death, or: handling permissions, Pierre THIERRY, 2006/04/27

Prev by Date: Re: Directories traversal (was Re: the deadly hypercube of death, or: handling permissions)
Next by Date: Re: Child killing UI (was Re: Reliability of RPC services)
Previous by thread: Re: Directories traversal (was Re: the deadly hypercube of death, or: handling permissions)
Next by thread: Re: Directories traversal (was Re: the deadly hypercube of death, or: handling permissions)
Index(es):
- Date
- Thread