From: tcobb@staff.circle.net
To: eivind@yes.no, winter@jurai.net
Cc: owensc@enc.edu, freebsd-hackers@FreeBSD.ORG, braam@cs.cmu.edu
Subject: RE: Coda FS: FBSD port done!, but development favors Linux
Date: Thu, 12 Feb 1998 17:50:28 -0500
Message-ID: <8188AD2EBC3CD111B7A30060082F32A4083053@freya.circle.net>

I would be able to use such a mechanism right away, particularly for
the storage side of a multimedia database. If my vote counts at all,
I'd also ask for that 15 minute patch :) 'Twould be wonderful to mount
a partition as an inode-based FS and use it as the storage backend.

- Troy

On Thursday, February 12, 1998 5:48 PM, Matthew N. Dodd wrote:
>
> I for one would love to see this feature (if indeed you are talking about
> open by inode#). It is highly useful for applications that wish to bypass
> limitations of FS name lookup (bypass the overhead that is) and implement
> their own faster indexing directly. News is one such application. (Store
> article inode# in the overview database and open directly.)
>
> For a big fileserver you aren't likely to have local users that could take
> advantage of the security problems you describe, and CODA will be hiding
> that information so remote machines won't be able to abuse it either.
>
> Of course if we had Veritas or XFS we would have no need to open by inode#
> as they store their metadata in structures that support high speed lookups
> by nature.
>
> If you wouldn't mind spending the 15 minutes to implement this
> functionality I for one would be most interested in seeing your patches.
>
> Would you be implementing a new open call like say iopen().
>
> Are we even talking about the same thing here? :)
>
> On Thu, 12 Feb 1998, Eivind Eklund wrote:
> > It would take about 15 minutes to create this functionality, and it
> > has been discussed before. It has been decided against on the basis
> > of security. This breaks chroot() completely, and it breaks the
> > protection you presently have when
> >
> > -rwxr-x--- src/
> > -rwxr-xr-x src/somefile
> >
> > - somefile will be available to an attacker.
> >
> > If this is what it takes to get Coda, I for one won't use it, but I
> > can probably create and commit a kernel option that gives the access
> > methods so that others can.
> >
> > It will not be part of FreeBSD in the default configuration, at least
> > not if I have any say in the matter. (Sorry to be so brutal, but it
> > really kills a lot of security assumptions.)
> /*
>    Matthew N. Dodd              | A memory retaining a love you had for life
>    winter@jurai.net             | As cruel as it seems nothing ever seems to
>    http://www.jurai.net/~winter | go right - FLA M 3.1:53
> */
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe hackers" in the body of the message
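
The objection quoted above, modelled as an added example (not code from this thread or from FreeBSD): a name-based open checks search permission on every directory below the process root, while a hypothetical open-by-inode consults only the file's own mode bits. The inode table, the uids and all function names are constructed for illustration.

```c
#include <stdio.h>

struct cred  { unsigned uid, gid; };
struct inode { unsigned ino, uid, gid, mode; const struct inode *parent; };
enum { MAY_READ = 4, MAY_EXEC = 1 };

/* Constructed sample filesystem; every value here is illustrative. */
static const struct inode fs[4] = {
    {  2,   0,   0, 0755, NULL   },   /* /              */
    { 10, 100, 100, 0750, &fs[0] },   /* /src           */
    { 11, 100, 100, 0755, &fs[1] },   /* /src/somefile  */
    { 20,   0,   0, 0755, &fs[0] },   /* /jail          */
};

/* Classic owner/group/other test on the nine mode bits. */
static int permitted(const struct inode *ip, struct cred c, unsigned want)
{
    unsigned bits = ip->mode;
    if (c.uid == ip->uid)      bits >>= 6;
    else if (c.gid == ip->gid) bits >>= 3;
    return (bits & want) == want;
}

/* Name-based open: each directory between the process root and the file
   must grant search (x); a file not below that root cannot be named. */
static int open_by_path(const struct inode *file, const struct inode *root,
                        struct cred c, unsigned want)
{
    for (const struct inode *dir = file->parent; ; dir = dir->parent) {
        if (dir == NULL) return 0;              /* outside the chroot */
        if (!permitted(dir, c, MAY_EXEC)) return 0;
        if (dir == root) break;
    }
    return permitted(file, c, want);
}

/* Hypothetical iopen(): lookup by number, only the file's bits are seen. */
static int open_by_inode(unsigned ino, struct cred c, unsigned want)
{
    for (size_t i = 0; i < sizeof fs / sizeof fs[0]; i++)
        if (fs[i].ino == ino) return permitted(&fs[i], c, want);
    return 0;
}

int main(void)
{
    struct cred other = { 200, 200 };           /* not owner, not in group */
    printf("by path: %d, by inode: %d\n",
           open_by_path(&fs[2], &fs[0], other, MAY_READ),
           open_by_inode(11, other, MAY_READ));
    return 0;
}
```

The same model shows why a kernel option exposing such a call would need its own privilege check: the directory walk is the only place the 0750 on src/ and the chroot boundary are enforced.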