RE: FW: gnome



Fox, Kevin M wrote:
>As to why should it be in the kernel. It is the kernels job. Writeing a VFS
>library requires programs to be spacificly programmed for it and it
bypasses
>security. The reason why normal users cant mount is because of security. If
>you go around that it can be a really bad thing. Root MUST be able to
>restrict filesystems. Root MUST be able to say what user can do what.
>Implamenting libvfs as an NFS server allows root to control who can do what
>and removes the need for a program to be modified to use the libvfs
library.

You would seem to be vastly widening the scope of what VFS actually
does.

We're talking about ftp sites and tar files.  (At least for the time being.)
If the root doesn't want you to open a tar file it's a pretty trivial task
to
deny you read rights to it.  If the root doesn't want you to access an
ftp site he can set that up at the firewall, I suppose though I would
imagine
it would be more the job of that particular locations administrators to
limit
who has access.

If a library that allows programs to do either of those functions is all it
takes to bypass security, I think we have far greater problems on our
hands than VFS.

By the way, can anyone tell me how old VFS is?  It seems odd to
devote this much bandwidth to something that has been in place for quite
a while.  Shall we rewrite Midnight Commander because you feel that it's
ability to tar and ftp is a security risk?

If you want a NFS-VFS wrapper, I don't think anyone would discourage
you from writing it.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]