On Mon, Feb 13, 2006 at 08:09:45PM -0000, Jonathan Worthington wrote:
> "Joshua Hoblitt" <[EMAIL PROTECTED]> wrote:
> > I think you're slightly confusing OPs and PMCs. Presumably the *dir
> > functionality would be implemented as OP codes
> >
> I thought The Plan was to have all the I/O stuff done with PMCs rather than
> ops in the end. There's no real benefit in having ops - the delays that
> you get through doing I/O make the time difference between an op and a PMC
> method call insignificant. Security-wise, the PMCs can be implemented to
> ensure that sufficient privs are available to perform the operation being
> requested of them.

That implies enforcing a security policy on two different fronts.

> I agree with Chris on minimising the amount of places we do security stuff
> as far as is sensible. However, I would think that the interface for doing
> sandboxing style stuff would allow restriction of certain types of
> operation (e.g. filesystem access) rather than individual operations
> though, so as to help eliminate the moving target issue.

It's pretty clear from this thread that we are underspecced on both the I/O
and security subsystems. Hopefully Chip can chime in on this...

-J
--
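As an added example (not Parrot code, and not from either poster), here is a sketch in C of the design Jonathan describes above: every I/O method registers the category of operation it needs (filesystem read, filesystem write, network, process), and the sandbox policy grants categories rather than naming individual operations, checked at one choke point inside the method. It is contrasted with a per-operation deny list to show the "moving target" issue: an operation added after the policy was written (here "unlink", standing in for any later addition) is automatically covered by the category check but slips past the per-op list. All names (sandbox_check, CAP_FS_READ, the io_methods table) are assumptions made for illustration, not Parrot's own API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capability categories (assumed names, not Parrot's). A sandbox policy
 * grants a set of these rather than naming individual operations. */
typedef enum {
    CAP_FS_READ  = 1u << 0,
    CAP_FS_WRITE = 1u << 1,
    CAP_NET      = 1u << 2,
    CAP_PROCESS  = 1u << 3
} sandbox_cap_t;

typedef struct {
    uint32_t allowed;   /* bitmask of sandbox_cap_t */
} sandbox_policy_t;

/* Each I/O method registers the category it needs. "unlink" stands in
 * for an operation added after the per-op deny list below was written. */
typedef struct {
    const char *name;
    uint32_t    needs;
} io_method_t;

static const io_method_t io_methods[] = {
    { "open_read",  CAP_FS_READ  },
    { "readdir",    CAP_FS_READ  },
    { "open_write", CAP_FS_WRITE },
    { "mkdir",      CAP_FS_WRITE },
    { "unlink",     CAP_FS_WRITE },   /* added later: inherits the category policy */
    { "connect",    CAP_NET      },
    { "spawn",      CAP_PROCESS  }
};

/* The single choke point: a PMC method would call this before acting.
 * Returns 1 if permitted, 0 if the policy denies the needed category,
 * -1 if the method never registered a category (fail closed). */
int sandbox_check(const sandbox_policy_t *policy, const char *method)
{
    size_t n = sizeof io_methods / sizeof io_methods[0];
    for (size_t i = 0; i < n; i++) {
        if (strcmp(io_methods[i].name, method) == 0)
            return (io_methods[i].needs & ~policy->allowed) == 0 ? 1 : 0;
    }
    return -1;
}

/* The "moving target" alternative: a per-operation deny list written when
 * only open_write and mkdir existed. It never learns about unlink, so a
 * read-only sandbox built this way silently allows the new write operation. */
bool per_op_denylist_permits(const char *method)
{
    static const char *denied[] = { "open_write", "mkdir" };
    for (size_t i = 0; i < sizeof denied / sizeof denied[0]; i++) {
        if (strcmp(denied[i], method) == 0)
            return false;
    }
    return true;
}

int main(void)
{
    /* Constructed policy: a read-only filesystem sandbox, nothing else. */
    const sandbox_policy_t read_only = { CAP_FS_READ };
    const char *probe[] = { "open_read", "readdir", "unlink", "connect", "bogus" };
    for (size_t i = 0; i < sizeof probe / sizeof probe[0]; i++) {
        printf("%-10s category check: %2d   per-op denylist: %s\n",
               probe[i], sandbox_check(&read_only, probe[i]),
               per_op_denylist_permits(probe[i]) ? "allow" : "deny");
    }
    return 0;
}
```

The design choice worth noting is that the policy never changes when an operation is added: the author of the new PMC method picks a category at registration time, and an unregistered method is denied outright rather than defaulting to allow, which is what keeps the policy from becoming the moving target the thread is worried about.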