From: "David Dabbs" <david@dabbs.net>
To: Hans Reiser <reiser@namesys.com>, George Beshers <gbeshers@comcast.net>
Cc: Valdis.Kletnieks@vt.edu, David Dabbs <david@dabbs.net>,
reiserfs-list@namesys.com
Subject: Re: viewprinting: what format should views be stored in?
Date: Sat, 21 Aug 2004 07:38:18 -0000 [thread overview]
Message-ID: <20040821073818.D5EB115CBA@mail03.powweb.com> (raw)
>Hans Reiser wrote:
>We only do filesystem isolation because that is our specialty,
>filesystems, and it is better to do less well.
>
>We fundamentally differ from other approaches because I don't think the
>problem is in developing tools to allow people to fine grain security if
>they take the time to do it, I think the problem is that nobody has the
>time to specify fine grained security for the executables on their
>computers, and our focus is on the filesystem aspects of automating the
>specification of the fine grained security for an executable.
>Researchers after us can generalize our approach to things outside the
>filesystem namespace, or, better, put those things into the filesystem
>namespace.;-)
Sounds like your approach will differ a) in scope, in that you are only concerned with securing filesystem access and b) in that you will provide "wizards" where the other approaches provide none or the ones they provide suck. If this is the case, then why are we talking about mask interpreters and how they will moderate file access? Why aren't we focusing on your "sweet spot"; the wizards that assist the clueless/lazy/overworked admin in profiling a process in order to create and maintain the viewprint/mask?
If your ultimate concern is truly in providing tools that make it easy to deploy
comprehensive security, then it seems the approach to take is to contribute wizards/whatever that make implementing your process-oriented fs security vision incredibly simple under LSM or other framework. If you're only going to focus on your metier, filesystems, and exclusively on your own filesystem, at least contribute something that doesn't reinvent any wheels and which "plays well with others." People do need to secure more than the filesystem. Reiser4's adoption curve would seem to benefit if people can implement advanced filesystem security and also use the same framework to secure other aspects.
David
next reply other threads:[~2004-08-21 7:38 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-21 7:38 David Dabbs [this message]
2004-08-21 8:59 ` viewprinting: what format should views be stored in? Hans Reiser
-- strict thread matches above, loose matches on Subject: below --
2004-08-22 5:45 David Dabbs
2004-08-21 20:48 David Dabbs
2004-08-20 22:29 David Dabbs
2004-08-20 17:14 David Dabbs
2004-08-20 7:23 David Dabbs
2004-08-20 16:10 ` Valdis.Kletnieks
2004-08-20 21:04 ` George Beshers
2004-08-21 6:42 ` Hans Reiser
2004-08-19 7:40 David Dabbs
2004-08-19 11:21 ` David Greaves
2004-08-19 16:16 ` George Beshers
2004-08-20 6:19 ` Hans Reiser
2004-10-26 14:45 ` Lamont R. Peterson
2004-10-26 16:39 ` Hans Reiser
2004-10-26 16:57 ` George Beshers
2004-10-26 18:37 ` Hans Reiser
2004-10-26 20:20 ` George Beshers
2004-10-27 4:48 ` Hans Reiser
[not found] ` <4124D09A.1060208@comcast.net>
2004-08-19 17:31 ` David Greaves
2004-08-20 6:52 ` Hans Reiser
2004-08-20 12:08 ` George Beshers
2004-08-20 14:07 ` David Greaves
2004-10-26 15:54 ` Lamont R. Peterson
2004-10-27 1:04 ` David Masover
2004-08-20 6:13 ` Hans Reiser
2004-08-19 14:30 ` George Beshers
2004-08-18 7:52 David Dabbs
2004-08-18 18:37 ` David Masover
2004-08-18 21:47 ` George Beshers
2004-08-18 19:20 ` George Beshers
2004-08-18 20:20 ` Hans Reiser
2004-08-18 21:44 ` George Beshers
2004-08-18 21:48 ` Hans Reiser
2004-08-18 23:18 ` George Beshers
2004-08-19 0:42 ` Hans Reiser
2004-08-19 2:01 ` George Beshers
2004-08-19 5:50 ` Hans Reiser
2004-08-19 12:48 ` George Beshers
2004-08-20 6:59 ` Hans Reiser
2004-08-20 12:36 ` George Beshers
2004-08-20 18:14 ` Hans Reiser
2004-08-20 21:42 ` George Beshers
2004-08-18 19:34 ` Hans Reiser
2004-08-16 0:15 Hans Reiser
2004-08-16 1:48 ` George Beshers
2004-08-16 2:02 ` Hans Reiser
2004-08-16 13:47 ` George Beshers
2004-08-16 19:50 ` George Beshers
2004-08-17 7:07 ` Hans Reiser
2004-08-17 19:29 ` George Beshers
2004-08-17 20:28 ` Hans Reiser
2004-08-17 23:46 ` George Beshers
2004-08-18 2:22 ` Hans Reiser
[not found] ` <4121F4D6.8090506@comcast.net>
2004-08-17 19:43 ` Hans Reiser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040821073818.D5EB115CBA@mail03.powweb.com \
--to=david@dabbs.net \
--cc=Valdis.Kletnieks@vt.edu \
--cc=gbeshers@comcast.net \
--cc=reiser@namesys.com \
--cc=reiserfs-list@namesys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.