Initial filesystem design synopsis.

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Thu Feb 22 05:47:03 PST 2007


Sergey Glushchenko wrote:
Maybe i missed it but you don't talk at all about security of the FS
and i guess that this is a very important topic for a FS that
it's going to work over the internet and be connected to insecure
hosts.
Are you proposing to encrypt data transfered between cluster nodes?
That's the very least.

Eg: What if i want to share a file with you, but i don't
want anyone else on the cluster to be able to read or modify it?
Why this can't be handled with help of ACLs?
Because I as evil kernel hacker don't have to obey the ACLs you set if I already have access to the raw data.

cheers
 simon
--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \
Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00016.pgp
Type: application/octet-stream
Size: 252 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/kernel/attachments/20070222/90deba8b/attachment-0014.obj>


More information about the Kernel mailing list