Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 9 Jun 2012 19:27:56 +0800
From: orc <orc@...server.ru>
To: musl@...ts.openwall.com
Cc: Rich Felker <dalias@...ifal.cx>
Subject: Re: Vision for new platform

Want to refresh this.

> 1. Attempting to account for multiple "local users", possibly even
>   simultaneously, with complex policies controlling their access to
>   hardware and configuration.

I have such system. But multiple local users share their rights
via sudo.
If world is going singleuser again, then we need no such machinery
there. Or we need another approach.
One can leave a NOPASSWD switch in sudoers and don't think about it
anymore. Program with gui can simply execve() sudo or it's replacement,
and possibly ask user a password if he removed NOPASSWD, and pass it to
sudo. This is just an example how it can be done with sudo. I don't know
how fdo deals with it, I haven't tried it for years.

> (e.g. spying with the microphone or changing the network connection to
> intercept traffic)

This is really controlled with setuid bits or permissions to certain
device nodes. Am I wrong?

>  - pluggable devices such as: video capture/webcam, audio, printers,
>  scanners, obex/bluetooth file transfer, etc.

I really liked udev approach there: it monitors for new devices,
creates nodes and gives permissions. It can execute scripts or programs.
But udev is bloated today, it is going (or already) to be merged with
systemd, so mdev is future simple replacement.

> What I'd really like to end up with is something that's not just a new
> distro

About distros: many of them force their own vision on solving one
common problems, such as mounting devices or controlling wireless
connectivity. That's why I am, for example, using self-built one. That
is: dealing with stuff using only my hands and head was *for me* better
than dealing with stuff from certain distro. And the same for fdo junk:
instead of dealing with all it's complexity I use /bin/mount for
mounting today. I'm not saying that anyone should follow this, but it
actually *works* as manpage says. Of course it is not sufficient for
end-user nettops/mobile systems.
I don't say that distros are bad. If all is going as needed, fine! But
when undefined behavior occurs, then we try to solve it and see how
complex and buggy (in case of fdo software) that thing is.

> This is an area where traditional simple scripts (boot scripts,
> network scripts, etc.) horribly failed, using ugly things like pid
> files, killall commands, broken behavior when a device was quickly
> inserted then removed, etc.

I've dropped this ugly and slow stuff that anyone today calls 'SysV init
scripts' and written a more simpler and fast version based on idea of
BSD or Slackware ones. They can be used both in embedded and on a
regular system.

> pid files
Yup, when daemon dead (or someone cut off power), there is nothing to
kill
> killall
Horrible and harmful
Maybe pgrep/pkill sucks less and will replace that horrible approach to
store pidfiles and believe that daemon is still running.
Actually systemd is more, MORE harmful than this old stuff.

Well...
Reading your post I got an idea that we should begin to rework all
stuff from scratch. Crazy enough. But look: if you already know about
Rob Landley ideas about toybox and, in future, the QCC (a complete
busybox-like toolchain that will replace the whole GNU: gcc, binutils,
etc..), then we have a nice chance to start a new system, more just 'a
new distro that have compiled stuff and put some it's own view on how
things must be done'. You and contributors starting at point of glibc2
replacement that is better and lightweight, Rob writes a userspace
coreutils/util-linux/udev/archivers replacement that is better and
lightweight, then the gcc replacement appears that can compile Linux
kernel unmodified (or minimally modified). This can be a complete
review of stuff we are using today.

Quoting again,

> What I'd really like to end up with is something that's not just a new
> distro

And of course it will be a new platform.

I can be wrong in the ideas that I explained here. Please correct me.
Thanks.
* 'fdo' stands for freedesktop.org

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.