On Fri, 21 Oct 2011 00:29:12 -0400 Matthew Mondor <[email protected]> wrote:
> If unicode strings are possible, I think that it'd be possible for a
> string to look like "system" but to actually be something else to an
> auditing administrator, unless all tools clearly showed those non-ASCII
> bytes in an escaped format.

If the above theory is true, if we eventually supported extended permissions such as access lists, they could possibly be implemented in a special empty string class, with a special empty string key, and a single structured object value specifying the permissions, rather than relying on various keys within the "system" class.

Yet ideally for performance and security, it'd be ideal if the interface only presented integer IDs for the class, and reserved integer key attributes for the i.e. EXTATTR_SYSTEM class (just like our groups are really gids).

The Linux compatibility interface, if preserved, could be oblivious to system class attributes and only be useful for the general purpose user attributes... The problem here would be that user tools using only the Linux API would not be able to back up the full state (in this case, the extended permissions, unfortunately)...

-- 
Matt
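The escaped display that the quoted paragraph asks of audit tools, sketched as an added example that is not part of the original message or of any NetBSD code: the function names `escape_name`, `is_system_ns` and `render` are hypothetical, and the look-alike name is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Render an attribute class name for an auditor: printable ASCII is copied,
 * a backslash is doubled, every other byte becomes \xHH. Returns the number
 * of non-printable or non-ASCII bytes found, or -1 if out is too small. */
static int escape_name(const unsigned char *in, size_t len,
                       char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    int flagged = 0;
    if (outsz == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = in[i];
        if (c == '\\') {
            if (o + 2 >= outsz) return -1;   /* keep room for the NUL */
            out[o++] = '\\'; out[o++] = '\\';
        } else if (c >= 0x20 && c <= 0x7e) {
            if (o + 1 >= outsz) return -1;
            out[o++] = (char)c;
        } else {
            if (o + 4 >= outsz) return -1;
            out[o++] = '\\'; out[o++] = 'x';
            out[o++] = hex[c >> 4]; out[o++] = hex[c & 0x0f];
            flagged++;
        }
    }
    out[o] = '\0';
    return flagged;
}

/* Byte-exact match against the reserved name; no Unicode folding. */
static int is_system_ns(const unsigned char *name, size_t len)
{
    return len == 6 && memcmp(name, "system", 6) == 0;
}

/* Wrapper returning a static buffer (not reentrant); NULL if too long. */
static const char *render(const unsigned char *in, size_t len)
{
    static char buf[128];
    return escape_name(in, len, buf, sizeof buf) < 0 ? NULL : buf;
}

int main(void)
{
    /* Constructed sample: 's', CYRILLIC SMALL LETTER U (UTF-8 d1 83), "stem". */
    static const unsigned char fake[] = { 's', 0xd1, 0x83, 's', 't', 'e', 'm' };
    printf("%s system=%d\n", render(fake, sizeof fake),
           is_system_ns(fake, sizeof fake));
    return 0;
}
```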
