File daemons

Scott Schwartz schwartz at psuvax1.cs.psu.edu
Fri Sep 29 10:03:57 AEST 1989


Karl Kleinpaste writes:
|flee at shire.cs.psu.edu writes:
|    daemon that implements access control lists.  The idea is, if you want
|    to open a file you don't normally have access to, you ask the daemon
|    to open it for you, and it will give you an open file descriptor

| This has already been done.  See, for example, "Watchdogs: Extending
| the UNIX File System," by Brian N Bershad & C Brian Pinkerton, Winter
| 88 (Dallas) Usenix Proceedings (and a later version of the same paper
| in Vol 1 No 2 of _Computing_Systems_).

I've read it.  What Felix was mentioning is nothing so ambitious.  We
just observed that you can make most filesystem requests via a
(privileged) proxy, and let the proxy keep track of the access control
lists.  For things like read and write access, the whole thing can run
in user mode, with no kernel modifications.  A prototype only took a
few hours to cobble together.  (The downside is that if you really
want all operations to be proxyable (like exec) you need to add a few
things to the kernel.)

--
Scott Schwartz		<schwartz at shire.cs.psu.edu>
for h in `cat /etc/hosts`; do telnet $h smtp; done;
Now back to our regularly scheduled programming....
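
The proxy arrangement described in the message above, as an added example that is not part of the original post or of the prototype it mentions. It assumes a Unix-domain socket with descriptor passing via SCM_RIGHTS (Python's `socket.send_fds`) and Linux `SO_PEERCRED` for the caller's identity; the names `peer_uid`, `serve_one`, `proxy_open` and `demo` and the ACL layout are hypothetical, and the demo runs both roles in one process under one uid.

```python
import os
import socket
import struct
import tempfile

def peer_uid(conn):
    # Linux SO_PEERCRED: the kernel reports (pid, uid, gid) of the peer, so the
    # daemon never trusts an identity claimed inside the request itself.
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    return struct.unpack("iII", raw)[1]

def serve_one(conn, acl):
    """Daemon side: one request = one path; reply with an open fd or a refusal."""
    path = conn.recv(4096).decode()
    if path not in acl.get(peer_uid(conn), ()):   # exact match, default deny
        conn.sendall(b"DENIED")
        return False
    # Read-only, and refuse a symlink as the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        socket.send_fds(conn, [b"OK"], [fd])      # SCM_RIGHTS ancillary data
    finally:
        os.close(fd)                              # receiver keeps its own copy
    return True

def proxy_open(path, acl):
    """Client request plus one in-process daemon turn; returns file bytes or None."""
    daemon, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with daemon, client:
        client.sendall(path.encode())
        serve_one(daemon, acl)
        reply, fds, _flags, _addr = socket.recv_fds(client, 16, 1)
        if reply != b"OK" or not fds:
            return None
        with os.fdopen(fds[0], "rb") as f:        # read through the passed fd
            return f.read()

def demo():
    # Constructed sample: two files; the ACL grants this uid only the first.
    with tempfile.TemporaryDirectory() as d:
        granted, other = os.path.join(d, "granted.txt"), os.path.join(d, "other.txt")
        for p in (granted, other):
            with open(p, "w") as f:
                f.write("contents of " + os.path.basename(p))
        acl = {os.getuid(): {granted}}
        return proxy_open(granted, acl), proxy_open(other, acl)

if __name__ == "__main__":
    print(demo())
```

In a deployed daemon the files would be readable only by the daemon's own account, so the ACL lookup is the sole path to a descriptor for them.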


