From: Bas Wijnen
Subject: Re: Questions
Date: Mon, 01 Nov 2004 10:14:42 +0100
User-agent: Mozilla Thunderbird 0.8 (X11/20040926)

Sam Mason wrote:
> An interesting discussion then becomes how do we determine the permissions of everything? We probably don't want remote users to be able to talk to whatever device was just plugged in. But I guess this isn't anything of great immediate interest as it should be easy to leave this sort of policy till much later.

This problem is already solved in the Hurd on Mach. The actual device drivers are translators on files. A translator can only be started by the owner of a file. By default, users will only follow translators owned by themselves or root. If you want to use someone else's translator, you have to specifically say so, otherwise you end up accessing the file it connects to.
This is especially important for root, who doesn't want to risk executing user code every time an operation on untrusted files is performed. The programs are still executed by the running user, which is root.
Thanks, Bas