GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Embed Notice

HTML Code

Corresponding Notice

  1. Embed this notice
    pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Sunday, 26-Nov-2023 03:02:06 JSTpistolero :thispersondoesnotexist:pistolero :thispersondoesnotexist:
    in reply to
    • The Problem :verified_pink:
    • cipote :bishrexual:
    • Iska
    • Amanda
    @iska @marine @teratology @amanda

    > scopes/environments are cleaner than filesystems,

    If you think of it as something like FUSE, then yes, filesystems are terrible for this.

    But it's just a notation, like using memory addresses or system calls or variables. So if the system is built around filesystems being the means of accessing objects and if it's granular enough that individual threads in the same process can discard permissions, and you can enforce this by just removing part of the namespace before starting a program, then no, not remotely, filesystems are great for this.

    Say you want, by default, to only provide framebuffer access to the children of the processes of the user that is sitting at the machine. You can do that by only letting one process have access to it, and then that process provides an interface to it, that interface is a filesystem, and mounts are inherited only by child processes, so it's about as secure as a local variable. You wanna export it, you wanna provide its contents to the entire internet, you can do that (without requiring that UID 0 mediate access).

    > more efficient as checks and lookups only have to be done at compile time.

    Oh, if you're talking about how OpenBSD does it, that's cool. The only issue is that you can't do it for interpreters, and it's all kinda retrofitted onto POSIX but is itself not part of POSIX. I like what Theo did but there's a lot you can do if you discard compatibility rather than just poking some holes in it.
    In conversationSunday, 26-Nov-2023 03:02:06 JST from freespeechextremist.compermalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.