[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cmp: the port comparison server
|
From: |
olafBuddenhagen |
|
Subject: |
Re: cmp: the port comparison server |
|
Date: |
Sun, 28 Jun 2009 23:21:09 +0200 |
|
User-agent: |
Mutt/1.5.19 (2009-01-05) |
Hi,
On Wed, Jun 17, 2009 at 09:12:10AM +0200, Carl Fredrik Hammar wrote:
> On Mon, Jun 15, 2009 at 01:24:05AM +0200, olafBuddenhagen@gmx.net
> wrote:
> > On Wed, Jun 10, 2009 at 01:49:02PM +0200, Carl Fredrik Hammar wrote:
> > Actually, I'm not sure where the comparision server fits in, in view
> > of certain conclusions from the recent IRC discussions?...
>
> The current plan is for the sender to give the dependencies if the
> receiver holds its task port. cmp will be used to prove this. The
> sender can send an arbitrary PID to the receiver, so if the receiver
> simply gave the task port it got from proc to the sender, it could
> result in privilege escalation for the sender.
I thought I already said this at some point, but maybe I wasn't really
clear about it: I don't think that actually checking the task port is
useful at all.
If the receiver has the task port, it can obtain the UID capabilities
from the sender; and AIUI the reverse is also true. In other words,
having the task port is effectively equivalent to having the same UIDs.
And this can be safely checked using the existing auth mechanism.
> I'll consider switching to a branch. How do I go about this in
> practice when the Hurd's repository is in migration limbo? Initialize
> a git repository with a CVS checkout?
Either that, or use the preliminary Git repository that is already
online. In either case, you will have to rebase to the official
repository once it is in place.
(This is a non-trivial use of rebase, but unless I'm mistaken, a single
command invocation does the trick. Ask for help when you need to do it.)
> > > I based the translator on password originally, since it also is a
> > > trivial translator whose main interface isn't IO. So currently I
> > > state this as well in the relevant copyright notices. But this
> > > code is similar to a lot of other trivfs translators, has
> > > diverged, and it is only a small portion of the actual
> > > functionality. With that in mind is it really necessary to state
> > > that in the copyright? (It is also based on auth, but here I
> > > believe attribution is in order.)
> >
> > As the copyright holder is the same, it's not really necessary to
> > state where the code came from at all.
>
> What about the copyright years?
The original copyright years have to be preserved of course -- you use
code that was written in these years...
-antrik-