[tahoe-dev] Tahoe-LAFS is widely misunderstood

Jan-Benedict Glaw jbglaw at lug-owl.de
Wed Feb 2 19:12:58 UTC 2011


On Wed, 2011-02-02 11:10:13 -0800, Brian Warner <warner at lothar.com> wrote:
> On 2/1/11 5:36 PM, Greg Troxel wrote:
> >   Removal of CLI and WUI, and using only FUSE. This is the aspect I'm
> >   most in favor of.
> 
> My problem with FUSE as the primary entry point is that it loses the
> whole least-authority model. The POSIX filesystem APIs don't expose
> things like retrieving a dircap for the subdirectory that you want to
> share with a friend, so the easiest thing to do is to share your whole
> rootcap with somebody, the equivalent of sharing passwords from the
> bad-old-days. It also doesn't let you write programs that are restricted
> to interacting with just a subset of your filesystem, so all the usual
> Confused Deputy vulnerabilities are still around.

Well, the caps could be supplied as extended attributes?

MfG, JBG

-- 
      Jan-Benedict Glaw      jbglaw at lug-owl.de              +49-172-7608481
 Signature of:                            If it doesn't work, force it.
 the second  :                   If it breaks, it needed replacing anyway.