From owner-freebsd-arch@FreeBSD.ORG Sat Aug 23 08:16:16 2008 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B3D3E106567D for ; Sat, 23 Aug 2008 08:16:16 +0000 (UTC) (envelope-from freebsd-arch@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 38D3F8FC26 for ; Sat, 23 Aug 2008 08:16:15 +0000 (UTC) (envelope-from freebsd-arch@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1KWoI6-0001KL-V8 for freebsd-arch@freebsd.org; Sat, 23 Aug 2008 08:16:10 +0000 Received: from 89-172-34-84.adsl.net.t-com.hr ([89.172.34.84]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 23 Aug 2008 08:16:10 +0000 Received: from ivoras by 89-172-34-84.adsl.net.t-com.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 23 Aug 2008 08:16:10 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-arch@freebsd.org From: Ivan Voras Date: Sat, 23 Aug 2008 10:15:59 +0200 Lines: 78 Message-ID: References: <20080822150020.GA57443@lor.one-eyed-alien.net> <9bbcef730808220802pa84b597u457100a23b03a80c@mail.gmail.com> <20080822153945.GC57443@lor.one-eyed-alien.net> <9bbcef730808220853q22666b44n5ca2b7add991191f@mail.gmail.com> <20080822161314.GE57443@lor.one-eyed-alien.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig55EF31693237FD6088C8CCA6" X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 89-172-34-84.adsl.net.t-com.hr User-Agent: Thunderbird 2.0.0.16 (Windows/20080708) In-Reply-To: <20080822161314.GE57443@lor.one-eyed-alien.net> X-Enigmail-Version: 0.95.6 Sender: news Subject: Re: Magic symlinks redux X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Aug 2008 08:16:16 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig55EF31693237FD6088C8CCA6 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable Brooks Davis wrote: > On Fri, Aug 22, 2008 at 05:53:58PM +0200, Ivan Voras wrote: >> Your example with uid is solved just like in userland (though the >> names are messed up) and reflect getuid() and geteuid(). >=20 > Small changes to the file system namespace can easily lead to security > issues when applications assume the namespace is static. This is > particularly true for setuid binaries. >=20 >> Anyway, if the DFBSD framework is properly implemented, it shouldn't >> be hard to add these variables. If you don't want to, I volunteer. >=20 > I'm not completely opposed to adding a static namespace for system > wide variables. I'm not at all keen on the @ruid and @uid variables > because I think they are risky. My current feeling is that I'd like to= > move ahead with my current implementation and then either add another > namespace or add this off to the side mostly as is. Ok, how about adding another sysctl enabling ruid and uid (perhaps=20 change their name to uid and euid since NetBSD compatibility isn't=20 maintained) which will be off by default? >> (I don't care about the syntax: @{something} vs ${something}, though I= >> think NetBSD made the better choice since these variables are not >> accessing the process environment). >=20 > This is something I've been debating. I've been leading toward somethi= ng other > than ${something}. Either @{} or %{} or else going all the way to some= thing > like %%something%%. =20 Someone mentioned "@" clashes with AFS :( > I don't like the unanchored components netbsd uses. They could have an use case - see below: > One other option we discussed at the devsummit was requiring that the f= irst > character of a variant symlink be special to reduce parsing overhead. = I.e. > requiring that variant symlinks start with @ or % or something. I agree with this - it's elegant on the implementation side and=20 performance hit would be minimal. I'd also be happy with abandoning the=20 free form links and mandating that the entire component be one var=20 symlink (i.e. "/path1/@var/path2" is ok but "/path1/@{path2}.@{path3}"=20 isn't). If you'd implement that special starting character, how would the=20 end-result look like? Something like "#path@{var}"? (for various values=20 of "#")? --------------enig55EF31693237FD6088C8CCA6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIr8c/ldnAQVacBcgRAvCvAJ4kFbQGH7Dx6ThQD6VgVdBnckeJiQCfQjF2 1es8XF9twRJQCjgyevXXHAg= =B76u -----END PGP SIGNATURE----- --------------enig55EF31693237FD6088C8CCA6--