[cap-talk] object-oriented-security.org

Kenton Varda kenton at google.com
Fri Mar 5 17:01:29 PST 2010


On Fri, Mar 5, 2010 at 2:54 PM, Kevin Reid <kpreid at mac.com> wrote:

> Access to “the filesystem of this machine”, or rather let's say to
> open(), *is* inherently a singleton; similarly “Internet access from
> this machine”, “the free memory of this machine”, etc. In order to not
> have singletons here, you have to add some type of subdivision (which
> may be non-natural to the platform) such as “access to the subtree of
> the filesystem rooted at this path”.
>

No, filesystem access is not inherently a singleton.  You may want to use an
in-memory filesystem, a chrooted filesystem, a cloud-based filesystem, etc.
 In fact, even ignoring security, there are huge benefits to making the
filesystem not be a singleton.

At Google, we have a group of people that evangelize testability.  One thing
they recommend is that if you write code that does any filesystem access, it
do it against an abstract interface representing the filesystem.  That way,
your tests can provide a mock implementation and thus do not have to do any
I/O.  Most developers here now seem to accept that this is a good thing to
do -- and they aren't even thinking about security!
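The design Kenton describes, written out as a small added example (not code from the original post, and not Google's internal filesystem abstraction; the names `FileSystem`, `MemoryFileSystem`, `SubtreeFileSystem` and `save_report` are invented here for illustration). Application code receives a filesystem object as a parameter instead of calling a global `open()`. The same interface is then backed by an in-memory implementation for tests, and by an attenuating wrapper that hands a callee only the subtree rooted at one path, which is the subdivision Kevin mentions expressed as an ordinary object rather than a platform feature.

```python
"""Filesystem access as a passed-in object rather than a global singleton.

Added example; interface and class names are invented for illustration.
"""
from __future__ import annotations

import posixpath
from abc import ABC, abstractmethod


class FileSystem(ABC):
    """The abstract interface code is written against instead of open()."""

    @abstractmethod
    def read(self, path: str) -> bytes: ...

    @abstractmethod
    def write(self, path: str, data: bytes) -> None: ...

    @abstractmethod
    def listdir(self, path: str) -> list[str]: ...


def _normalize(path: str) -> str:
    # Absolute, collapsed form: "a/./b/../c" -> "/a/c", "../x" -> "/x".
    # lstrip first so that "/x" does not become "//x", which normpath keeps.
    return posixpath.normpath("/" + path.lstrip("/"))


class MemoryFileSystem(FileSystem):
    """In-memory implementation: what a test uses instead of doing real I/O."""

    def __init__(self) -> None:
        self._files: dict[str, bytes] = {}

    def read(self, path: str) -> bytes:
        key = _normalize(path)
        if key not in self._files:
            raise FileNotFoundError(key)
        return self._files[key]

    def write(self, path: str, data: bytes) -> None:
        self._files[_normalize(path)] = bytes(data)

    def listdir(self, path: str) -> list[str]:
        prefix = _normalize(path).rstrip("/") + "/"
        # First path component below `prefix` for every stored file under it.
        return sorted({k[len(prefix):].split("/")[0]
                       for k in self._files if k.startswith(prefix)})


class SubtreeFileSystem(FileSystem):
    """Attenuated view: same interface, restricted to one subtree of `base`.

    Whoever holds this object cannot name anything outside `root`; there is
    no ambient "whole filesystem" for them to fall back on.
    """

    def __init__(self, base: FileSystem, root: str) -> None:
        self._base = base
        self._root = _normalize(root)

    def _resolve(self, path: str) -> str:
        # Interpret `path` relative to the root (absolute paths are re-rooted,
        # chroot-style), collapse ".." segments, then refuse anything that
        # ended up outside the root.
        full = _normalize(posixpath.join(self._root, path.lstrip("/")))
        inside = full == self._root or full.startswith(self._root.rstrip("/") + "/")
        if not inside:
            raise PermissionError(f"{path!r} escapes {self._root}")
        return full

    def read(self, path: str) -> bytes:
        return self._base.read(self._resolve(path))

    def write(self, path: str, data: bytes) -> None:
        self._base.write(self._resolve(path), data)

    def listdir(self, path: str) -> list[str]:
        return self._base.listdir(self._resolve(path))


def save_report(fs: FileSystem, name: str, body: bytes) -> str:
    """Application code: uses only the filesystem it was handed, never open()."""
    path = posixpath.join("reports", name)
    fs.write(path, body)
    return path


def demo() -> dict[str, object]:
    """Constructed scenario: a report writer that is given only /data."""
    disk = MemoryFileSystem()
    disk.write("/etc/secret", b"hunter2")          # outside what the callee gets
    data_only = SubtreeFileSystem(disk, "/data")   # the attenuated capability
    results: dict[str, object] = {}
    results["written_at"] = save_report(data_only, "q1.txt", b"ok")
    results["listing"] = data_only.listdir("reports")
    try:
        data_only.read("../etc/secret")
        results["escape"] = "allowed"
    except PermissionError:
        results["escape"] = "denied"
    results["secret_intact"] = disk.read("/etc/secret")
    return results
```

The string-level containment check in `_resolve` is sufficient here only because the in-memory backend has no symlinks. An implementation of the same interface over a real directory needs the kernel's help (resolving every component under the root, e.g. with `openat` and `O_NOFOLLOW`), since a symlink inside the subtree can point outside it and a pure path check would not notice.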