Marcus Brinkmann <[EMAIL PROTECTED]> writes:

> At Wed, 09 Nov 2005 21:54:52 +0100,
> Marco Gerards wrote:
>> 
>> Marcus Brinkmann <[EMAIL PROTECTED]> writes:
>> 
>> > The active translator problem seems serious to me.  Without any
>> > guarantee about the implementation of a service, you can not know what
>> > it does.  This means that you must be prepared for any malicious
>> > behaviour, including: no response (stalling the client), infinite
>> > virtual directory tree, confusing inode numbers and link counts,
>> > rapidly changing filesystem structure (to trigger race conditions) etc
>> > etc.
>> >
>> > This is why in FUSE, users don't see the user filesystems of other
>> > users.  I am afraid that given the seriousness of the problem, this is
>> > the only sane option.  Only with a broader semantic framework can you
>> > re-enable sharing on a case by case basis.
>> 
>> This was discussed on bug-hurd before.  Doesn't the proposed solution
>> of making it possible for the user to configure which translators are
>> trusted and which are not?  For example, I could configure I only want
>> to follow translators set by root and myself.
>
> Yes, but it reduces the advantages of translators.  It defeats the
> design to some extent.

Only when you have multiple users that want to share a translator and
when they do not trust each other.  At the moment such multi-user
systems are quite rare AFAIK.  More common is a system with a single
user who also has the root password.

But I agree that it reduces the advantage of translators.  But I see
no way to completely fix that.

--
Marco



_______________________________________________
Bug-hurd mailing list
Bug-hurd@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-hurd
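
The policy discussed in this message (follow only nodes set up by root and by yourself) can be approximated on a POSIX system as below. This is an added example, not code from the thread or from the Hurd: it uses the node's owner as a stand-in for "who set the translator", and the names open_trusted and UntrustedNode are hypothetical. Each component is opened without following symlinks and the owner is checked on the descriptor actually held, so a tree that changes between check and use cannot swap in a different node.

```python
import os


class UntrustedNode(Exception):
    """A path component is owned by a user outside the trusted set."""


def open_trusted(base, relpath, trusted_uids=None):
    """Open base/relpath one component at a time and return a descriptor.

    The caller vouches for `base`; every component below it must be owned
    by a uid in `trusted_uids` (default: root and the calling user).
    """
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise ValueError("'..' is not allowed in relpath")
    fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for i, name in enumerate(parts):
            # O_NOFOLLOW: a symlink here is an error, not a redirect.
            # O_NONBLOCK: do not hang on a FIFO planted in the tree.
            flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
            if i < len(parts) - 1:
                flags |= os.O_DIRECTORY  # intermediate parts must be dirs
            nxt = os.open(name, flags, dir_fd=fd)
            # fstat the descriptor, not the name: the check applies to the
            # object we will actually use, whatever happens to the name.
            owner = os.fstat(nxt).st_uid
            if owner not in trusted_uids:
                os.close(nxt)
                raise UntrustedNode(f"{name!r} is owned by uid {owner}")
            os.close(fd)
            fd = nxt
        return fd
    except BaseException:
        os.close(fd)
        raise
```

The owner check only decides whether to keep descending; it does not protect against a node that stalls inside the open call itself.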
