[cap-talk] More Heresy: ACLs not inherently bad
Jonathan S. Shapiro
shap at eros-os.com
Thu Sep 11 04:43:13 CDT 2008
On Wed, 2008-09-10 at 07:56 -0700, John Carlson wrote:
> On Sep 10, 2008, at 3:30 AM, Jonathan S. Shapiro wrote:
> > This is precisely the operation that is both performance prohibitive
> > and (human) complexity prohibitive. It will turn out that humans can't
> > make the necessary decisions to decide what goes in to those directories.
>
> Perhaps the directory could be created based on searches? What
> determines what can be searched, and does searching require ambient
> authority?
So you are proposing that before the user runs any program, they must
first perform a search to specify the contents of the directory to be
used as the environment of that program?
No thanks.
I think what is more likely is to see a convention in which parts of the
directory tree are generally accessible but deeply read-only (e.g. /bin)
while other parts are potentially writable but are visible only through
a mediating agent (e.g. a power box).
shap
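The convention sketched above (a broadly readable but read-only tree such as /bin, plus writable locations that a program only reaches through a mediating agent) can be shown in code. The following is an added example written for this archive page; it is not code from the post, from cap-talk, or from EROS. It assumes Python on a POSIX system with dir_fd support (openat semantics), and the class and function names DirCap, PowerBox, confined_program and demo are made up for the illustration, as is the sample file tool.txt created in a temporary directory. The "user" behind the power box is simulated by a chooser callback.

```python
import os
import shutil
import tempfile


class CapabilityError(PermissionError):
    """Raised when a program tries to exercise authority it was never given."""


class DirCap:
    """Unforgeable reference to one directory.

    All access goes through the held directory fd (openat semantics), so the
    holder cannot name anything outside it by path. A single path component is
    accepted; absolute paths, "..", and symlinks (O_NOFOLLOW) are refused.
    """

    def __init__(self, fd, writable):
        self._fd = fd
        self._writable = writable

    def _check(self, name):
        if name in ("", ".", "..") or "/" in name or "\x00" in name:
            raise CapabilityError(f"refusing path component {name!r}")

    def read(self, name):
        self._check(name)
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=self._fd)
        with os.fdopen(fd, "rb") as f:
            return f.read()

    def write(self, name, data):
        if not self._writable:
            raise CapabilityError("directory capability is read-only")
        self._check(name)
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=self._fd)
        with os.fdopen(fd, "wb") as f:
            f.write(data)


class PowerBox:
    """Mediating agent (hypothetical): the only route to authority beyond the
    program's initial environment. The user picks a destination; the program
    receives a capability to it and never learns or chooses the path itself."""

    def __init__(self, user_home, chooser):
        self._home = user_home      # held by the power box, not the program
        self._chooser = chooser     # stand-in for the user's file dialog

    def request_writable_dir(self, reason):
        choice = self._chooser(reason)
        if choice is None:          # user declined: no authority is conferred
            return None
        path = os.path.join(self._home, choice)
        os.makedirs(path, exist_ok=True)
        return DirCap(os.open(path, os.O_RDONLY | os.O_DIRECTORY), writable=True)


def confined_program(bin_cap, powerbox):
    """Runs with a read-only /bin-like capability plus a power box, and no
    ambient filesystem authority at all."""
    tool = bin_cap.read("tool.txt")
    try:
        bin_cap.write("tool.txt", b"tampered")   # attempt to modify the shared tree
        tampered = True
    except CapabilityError:
        tampered = False
    try:
        bin_cap.read("../home")                  # attempt to escape by traversal
        escaped = True
    except CapabilityError:
        escaped = False
    out = powerbox.request_writable_dir("Where should the result be saved?")
    saved = out is not None
    if saved:
        out.write("result.txt", tool.upper())
    return {"tool": tool, "tampered": tampered, "escaped": escaped, "saved": saved}


def demo(user_says_yes=True):
    """Builds a constructed sandbox: bin/tool.txt (read-only tree) and an empty
    home directory reachable only via the power box. Returns what happened."""
    root = tempfile.mkdtemp()
    bin_dir, home = os.path.join(root, "bin"), os.path.join(root, "home")
    os.makedirs(bin_dir)
    os.makedirs(home)
    with open(os.path.join(bin_dir, "tool.txt"), "wb") as f:
        f.write(b"hello")
    chooser = (lambda reason: "Documents") if user_says_yes else (lambda reason: None)
    bin_cap = DirCap(os.open(bin_dir, os.O_RDONLY | os.O_DIRECTORY), writable=False)
    result = confined_program(bin_cap, PowerBox(home, chooser))
    with open(os.path.join(bin_dir, "tool.txt"), "rb") as f:
        result["bin_intact"] = f.read() == b"hello"
    doc = os.path.join(home, "Documents", "result.txt")
    result["output"] = open(doc, "rb").read() if os.path.exists(doc) else None
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo(True))
    print(demo(False))
```

The point of the split is that the program's authority is exactly the set of object references it holds: the read-only capability covers the shared tree, the user's choice through the power box adds one writable directory at a time, and nothing in between is reachable by naming a path. The name-checking in DirCap is deliberately strict (one component, no symlinks) because a capability that accepted arbitrary paths relative to its fd would reintroduce traversal as ambient authority.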