(Illustration by Gaich Muramatsu)
On Fri, Mar 11, 2005 at 10:01:42AM -0500, Greg Troxel wrote: > Before we go down this path, I'd like to see a high-level plan for > dealing with this. The NetBSD kernel interface, at least, seems not > to do per-user checking of credentials against objects in the > minicache. So, I think it's probably necessary to fault per-uid > permissions into the minicache from venus when a new uid accesses an > object. Hm, in my naivety I did not account for Venus being bypassed. Or do I misunderstand? Is it really possible to open a file without consulting with Venus? > I want to be able to walk to any reasonably maintained computer, > whose administrator ran "coda-client-setup" once, use Coda and feel safe. > It is perfectly possible, isn't it? > > Perhaps for you, but the set of people I trust to run a computer well > enough to trust it is pretty slim anyway. There is the opposite issue as well, I want to be able to use Coda realms which do not employ IPsec. I think I can trust some of them :) though definitely not the network in between... Regards, -- IvanReceived on 2005-03-11 10:39:04