IRC channel logs

2026-02-25.log

back to list of logs

<gnucode>sneek later tell youpi When I said "ftpfs runs a root by default"...I should have said that /ftp:/ runs as root by default. I am not aware of any guide that says to "sudo settrans node /hurd/ftpfs". I did read in one of the irc logs that it would be a cool idea if there was a "trusted" uses group, such that, if my user joshua would run translaters set by these trusted users. As far as I know, root is the only "trusted" user.
<sneek>Got it.
<gnucode>am I correct in thinking that the Hurd currently runs translaters set up by other users by default ? Or is that incorrect?
<gnucode> https://hurdos.com/wiki/open_issues/translators_set_up_by_untrusted_users.html
<gnucode>I wonder if the work my spritely institute...goblins for instance...could help the running translators by untrusted users issues.
<gnucode>I believe that goblins is trying to figure how to run untrusted code safely.
<gnucode>I also feel like following unprotected users translators is somewhat unlikely. The average computer user controls all of his files. I don't share my home directory with other users for example.
<gnucode>I suppose that this thing becomes problematic when users share the same nfs.
<gnucode>That actually is kind of a cool idea. Maybe we should have a Hurd playground somewhere, where hurd users can request access to a shared Hurd server.
<youpi>the hurd runs translators set up by other users, yes, but under their uid
<sneek>youpi, you have 1 message!
<sneek>youpi, gnucode says: When I said "ftpfs runs a root by default"...I should have said that /ftp:/ runs as root by default. I am not aware of any guide that says to "sudo settrans node /hurd/ftpfs". I did read in one of the irc logs that it would be a cool idea if there was a "trusted" uses group, such that, if my user joshua would run translaters set by these trusted users. As far as I know, root is the only "trusted" user.
<youpi>and glibc does protect itself from rogue translators, which wouldn't answer the interrupt RPC for instance
<youpi>root is not particularly trusted
<youpi>in terms of translator owner
<youpi>it's the /dev and /servers directories which are trusteed
<youpi>and there you can have various uids for the translators
<gnucode>youpi: so what happens if a rogue user karen sets up a malicious translator on the world writable /tmp that secretly redirects to /home ? If I run " sudo rm -rf /tmp" do I inadvertently delete /home ?
<youpi>yes, that's why tools have no_symlink options by default
<youpi>and they'll avoid following translators the same way
<gnucode>oh, the Hurd's current policy is O_NOTRANS , which means do not follow translators from untrusted users by default ?
<gnucode>I'll send in a big web patch in a bit. I'm trying to flush out this page more: https://hurdos.com/wiki/open_issues/translators_set_up_by_untrusted_users.html I'm sure it's got some inaccuracies.
<youpi>it's not a hurd policy, it's programs themselves which does this
<youpi>rm doesn't want to follow symlinks blindly on linux either
<gnucode>hmmm, I've never seen /hurd/filter ...
<jab`>it's so nice to be able to tweak the hurd wiki again.
<jab`>I am connected! woo hoo! I needed to create the /var/run/mysql directory and run # chown _mysql:_mysql on it.
<jab`>I don't know why that wasn't done by default, but whatever.
<jab`>I also don't know if mariadb is running in a chroot or not.
<jab`> I think I might just leave my local mariadb database passwordless. It's not like I really need a password on my local machine...as far as I can tell.