Before we go down this path, I'd like to see a high-level plan for dealing with this. The NetBSD kernel interface, at least, seems not to do per-user checking of credentials against objects in the minicache. So, I think it's probably necessary to fault per-uid permissions into the minicache from venus when a new uid accesses an object.

All that said, I think fixing the repair bugs in venus is far more important.

> I want to be able to walk to any reasonably maintained computer, whose administrator ran "coda-client-setup" once, use Coda and feel safe. It is perfectly possible, isn't it?

Perhaps for you, but the set of people I trust to run a computer well enough to trust it is pretty slim anyway.

Certainly coda should change to something more than xor. Until then, you don't have any rational basis for feeling safe, other than a threat model that says no one is after you and blackhats are probably not going to write coda server spoofing tools. It would be a fun proof of concept though, and perhaps what it takes to replace xor!

Received on 2005-03-11 10:02:50