On Tue, 2005-05-10 at 16:56 -0500, Manuel Amador wrote:
> On Tue, 26-04-2005 at 23:32 -0400, Joe Shaw wrote:
> > Hi,
> >
> > On Tue, 2005-04-26 at 18:22 -0500, Manuel Amador wrote:
> > > Oh, this is good. Any plans to move to a system-wide daemon model?
> >
> > Moving to a solely system-wide model? No. The security implications of
> > a daemon running as root that monitors all the files on the system can
> > get hairy. If you keep it per-user, then the security is fairly simple
> > filesystem permissions.

I don't see how you can run a per-user daemon without causing huge
wastage on a multi-user system.

How does slocate do it? A system-wide search that inserts security
permissions in a database and then respects them when responding to
queries? That is probably the way to go, even if it is difficult to get
right. You will probably need some separation of permissions in the
setgid (or setuid) client part to keep the dangerous stuff simple.

Peter Wainwright

>
> But, you know, you could fork and setuid()/setgid() to the calling user
> right before performing searches or other user-requested actions.
>
> >
> > That said, there is a lot to be gained by having a shared store for a
> > lot of interesting, publicly available system-wide data. Things like
> > launchers, man pages, etc. are definitely useful to the user. Right now
> > we're indexing those for each user, but this is obviously suboptimal.
> > We don't have a concrete plan for this right now, but there are a few
> > options: we could have an instance of the daemon running as user nobody
> > which monitors some interesting directories (like the man paths); we
> > could have a shared read-only index crawler à la updatedb run once a day
> > or so. But it's not something we've sat down and prototyped or
> > investigated in depth yet.
>
> You could also have a multiple-responsibility model: an indexer running
> as root (which is the only part in the model that would be vulnerable,
> and thus SS chose a managed language to write this in), a search daemon
> which downgrades its security credentials upon search. Postfix
> successfully uses this model.
>
> >
> > Joe

--
Peter Wainwright <[EMAIL PROTECTED]>
_______________________________________________
gnome-devel-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/gnome-devel-list
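
The model asked about in the message above (a system-wide index that stores permissions and respects them when answering queries), as an added example that is not code from this thread, slocate or Beagle. All names and the sample index are constructed, and matching is on path names only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Meta:                      # what a root crawler records per path
    uid: int
    gid: int
    mode: int                    # permission bits, e.g. 0o750

def allowed(meta, uid, gids, want):
    """Unix check: exactly one of the owner/group/other classes applies."""
    if uid == 0:
        return True              # root passes read and directory-search checks
    if uid == meta.uid:
        bits = meta.mode >> 6
    elif meta.gid in gids:
        bits = meta.mode >> 3
    else:
        bits = meta.mode
    return (bits & want) == want

def ancestors(path):
    """'/home/alice/x' -> ['/', '/home', '/home/alice']"""
    out = ["/"]
    for part in path.strip("/").split("/")[:-1]:
        out.append(out[-1].rstrip("/") + "/" + part)
    return out

def search(index, term, uid, gids):
    """Return matching paths the caller could have found by listing directories."""
    hits = []
    for path in sorted(p for p in index if term in p):
        dirs = ancestors(path)
        if any(d not in index for d in dirs):
            continue             # fail closed: no recorded permissions, no result
        # Every ancestor must be searchable (x); the parent must be listable (r).
        if all(allowed(index[d], uid, gids, 0o1) for d in dirs) and \
                allowed(index[dirs[-1]], uid, gids, 0o4):
            hits.append(path)
    return hits

INDEX = {                        # constructed sample data
    "/": Meta(0, 0, 0o755),
    "/home": Meta(0, 0, 0o755),
    "/home/alice": Meta(1000, 1000, 0o700),
    "/home/alice/tax-2005.txt": Meta(1000, 1000, 0o644),
    "/srv": Meta(0, 0, 0o755),
    "/srv/team": Meta(0, 2000, 0o750),
    "/srv/team/tax-plan.txt": Meta(1001, 2000, 0o640),
}
```

Permissions recorded at crawl time go stale if a file is moved or its mode changes before the next crawl, so a query path that re-checks against the live filesystem, or drops to the caller's credentials as suggested in the thread, closes that gap.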
