Hi, On Mon, Jun 15, 2009 at 01:24:05AM +0200, olafbuddenha...@gmx.net wrote: > On Wed, Jun 10, 2009 at 01:49:02PM +0200, Carl Fredrik Hammar wrote: > > > I've been making some progress code-wise with libmob. In particular I > > have written a working server for secure comparison of ports. > > Actually, I'm not sure where the comparision server fits in, in view of > certain conclusions from the recent IRC discussions?...
The current plan is for the sender to give the dependencies if the receiver holds its task port. cmp will be used to prove this. The sender can send an arbitrary PID to the receiver, so if the receiver simply gave the task port it got from proc to the sender, it could result in privilege escalation for the sender. > > Mostly so that I don't feel the need to follow commit conventions and > > such, and continue to just ``go for it''. > > As long as you consider you branch to be inofficial, you can do whatever > you want -- it really doesn't matter whether you branched it from the > Hurd repository, or build it standalone. The former is more convenient > though IMHO. I'll consider switching to a branch. How do I go about this in practice when the Hurd's repository is in migration limbo? Initialize a git repository with a CVS checkout? > > For now I use 1234000 as the subsystem number. > > I'm not sure what numbers new subsystems should use. It seems that the > existing subsystems are below 100000, where a reserved range begins. > (For ioctls IIRC.) I guess new subsystems should go below the reserved > range, though technically putting them above the end of the reserved > range probably also works... The ioctl range ends at 164200 and the highest subsystem over that is 888888. I'm well above either, so I should be `safe'. I think I'll wait to change it until I put it in the Hurd, and then I'll just pick the next free subsystem number after the normal subsystems. > > I based the translator on password originally, since it also is a > > trivial translator whose main interface isn't IO. So currently I > > state this as well in the relevant copyright notices. But this code > > is similar to a lot of other trivfs translators, has diverged, and it > > is only a small portion of the actual functionality. With that in > > mind is it really necessary to state that in the copyright? (It is > > also based on auth, but here I believe attribution is in order.) > > As the copyright holder is the same, it's not really necessary to state > where the code came from at all. What about the copyright years? Regards, Fredrik
