[tahoe-dev] Tahoe-LAFS is widely misunderstood
Chris Palmer
chris at noncombatant.org
Thu Feb 3 00:41:05 PST 2011
Brian Warner writes:
> My problem with FUSE as the primary entry point is that it loses the whole
> least-authority model. The POSIX filesystem APIs don't expose things like
> retrieving a dircap for the subdirectory that you want to share with a
> friend, so the easiest thing to do is to share your whole rootcap with
> somebody, the equivalent of sharing passwords from the bad-old-days. It
> also doesn't let you write programs that are restricted to interacting
> with just a subset of your filesystem, so all the usual Confused Deputy
> vulnerabilities are still around.
Well, a WUI is no way to solve the confused deputy problem. :)
--
http://noncombatant.org/
More information about the tahoe-dev
mailing list