diff options
author | Thomas Schwinge <tschwinge@gnu.org> | 2011-09-06 16:02:51 +0200 |
---|---|---|
committer | Thomas Schwinge <tschwinge@gnu.org> | 2011-09-06 16:02:51 +0200 |
commit | 278f76de415c83bd06146b2f25a002cf0411d025 (patch) | |
tree | a53c06dd708451423f4a4fc5e4a81a86490e0129 /open_issues/translators_set_up_by_untrusted_users.mdwn | |
parent | 910aa477e18a9ee218eea8a79b02a90b1303c07b (diff) |
IRC.
Diffstat (limited to 'open_issues/translators_set_up_by_untrusted_users.mdwn')
-rw-r--r-- | open_issues/translators_set_up_by_untrusted_users.mdwn | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/open_issues/translators_set_up_by_untrusted_users.mdwn b/open_issues/translators_set_up_by_untrusted_users.mdwn index cee7a2bc..36fe5438 100644 --- a/open_issues/translators_set_up_by_untrusted_users.mdwn +++ b/open_issues/translators_set_up_by_untrusted_users.mdwn @@ -281,3 +281,46 @@ Protection](https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#Symlink and [Hardlink Protection](https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#Hardlink_Protection) do bear some similarity with the issue we're discussing here. + + +# IRC, freenode, #hurd, 2011-08-31 + + <antrik> I don't see any problems with following only translators of + trusted users + <youpi> where to store the list of trusted users? + <youpi> is there a way to access the underlying node, which for /dev + entries belongs to root? + <ArneBab> youpi: why a list of trusted users? Does it not suffice to + require /hurd/trust set by root or ourselves? + <youpi> ArneBab: just because that's what antrik suggests, so I ask him for + more details + <ArneBab> ah, ok + <antrik> youpi: probably make them members of a group + <antrik> of course that doesn't allow normal users to add their own trusted + users... but that's not the only limitation of the user-based + authentication mechanism, so I wouldn't consider that an extra problem + <antrik> ArneBab: we can't set a translator on top of another user's + translator in general + <antrik> root could, but that's not very flexible... + <antrik> the group-based solution seems more useful to me + <ArneBab> antrik: why can’t we? + <antrik> also note that you can't set passive translators on top of other + translators + <antrik> ArneBab: because we can only set translators on our own nodes + <ArneBab> active ones, too? + <antrik> yes + <ArneBab> antrik: I always thought I could… + <ArneBab> but did not test it + <ArneBab> antrik: so I need a subhurd to change nodes which do not belong + to me? + * ArneBab in that case finally understands why you like subhurds so much: + That should be my normal right + <antrik> it should be your normal right to change stuff not belonging to + you? that's an odd world view :-) + <antrik> subhurds don't really have anything to do with it + <ArneBab> change it in a way that only I see the changes + <antrik> you need local namespaces to allow making local modifications to + global resources + <youpi> it should be one's normal right to change the view one has of it + <antrik> we discussed that once actually I believe... + <antrik> err... private namespaces I mean |