Why make a new MinorFS

From MinorFs Wiki


Why make a new MinorFs?

The problems with $HOME and $TEMP

A few years back I wrote the MinorFs least-authority file-system suite in an attempt to bring two least-authority worlds together and to solve for persistent storage what object orientation solved decades ago for programming. I hoped to let MinorFs be a bridge between the world of static, purely permissive access control at the kernel level (AppArmor) and the world of dynamic least authority at the language level (object-capability languages like E). For this reason I chose a rather purist view of what MinorFs should primarily aim to facilitate: private, decomposable directory trees for 'pseudo-persistent processes' that could be delegated between processes in a capability-style way. I knew of and have advocated different ways of using MinorFs, but until recently I had not been willing to compromise on the purity of the MinorFs model to accommodate these different uses.

We are now a few years further on, and I think I must finally admit that my attempts to bridge the gap I hoped to bridge have failed. The problem posed by the shared state of $HOME and $TEMP in Linux remains, however, and with new developments such as HTML5 and bitcoin, its impact is becoming bigger and bigger.

This to me means it is time to abandon purity of model and set out to turn MinorFs into a less pure solution that practically helps to solve real-world malware and hacker-related problems with shared-state storage in Linux.

AppArmor almost ready for the best fit

The current version of AppArmor has, from a MinorFs point of view, one major flaw. It allows rules that let a process access files and directories under /proc/$PID for any $PID, but it currently can't express that a process should only be able to access /proc/$PID for its own $PID. Giving an executable access to files under /proc/$PID for any $PID means that this process could potentially be used to steal capabilities. This flaw is about to be fixed in the release of AppArmor after the next release. That change makes the pieces of the puzzle come together, enabling a major shift in malware-protection technology. This large milestone should not be allowed to pass without putting in a lot of extra effort to help this shift come to be. A new, more practical version of MinorFs should fit well with the opportunity for improvement that this small change to AppArmor in its essence implies.
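As an added illustration (not a profile from the MinorFs project or its author), the two rule forms discussed above side by side in AppArmor profile syntax: the over-broad /proc/* form and the per-process form using the @{pid} kernel variable that later AppArmor releases provide. The profile names and binary paths are hypothetical, and only one of the two profiles would be loaded for a given program.

```apparmor
# Added illustration, not part of MinorFs. Assumes an AppArmor release that
# resolves the @{pid} kernel variable; profile names and paths are made up.

# --- Over-broad form: the flaw the text describes -------------------------
# The wildcard segment matches the /proc entry of every process on the
# system, so a program confined by this profile can reach the /proc state of
# other processes, which is what lets it be used to steal capabilities.
profile example-broad /usr/local/bin/example-broad {
  /proc/*/environ       r,
  /proc/*/fd/           r,
  /proc/*/maps          r,
}

# --- Scoped form: what a per-process file system like MinorFs needs -------
# @{pid} is substituted by the kernel with the pid of the confined task at
# access time, so only the process's own /proc subtree is reachable.
profile example-scoped /usr/local/bin/example-scoped {
  /proc/@{pid}/environ  r,
  /proc/@{pid}/fd/      r,
  /proc/@{pid}/maps     r,
}

# Caveat: the `owner` qualifier (owner /proc/*/environ r,) is not a
# substitute. It only requires the file's owner to match the task's fsuid,
# so every process running as the same user still matches; the isolation
# MinorFs is after is between processes of one user, which only @{pid}
# expresses.
```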