Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library

From: Adrian Bunk
Date: Sun Jan 29 2006 - 18:17:08 EST


On Sun, Jan 29, 2006 at 02:09:08PM +0100, Arjan van de Ven wrote:
>
> >
> > You are taking the wrong approach.
> >
> > The _only_ question that matters is:
> > Why is it technically impossible to do the same in userspace?
> >
> > If it's technically possible to do the same in userspace, it must not be
> > done in the kernel.
>
>
> that is not a reasonable statement because...
> 1) you can do all of tcp/ip in userspace just fine
> 2) you can do the NFS server in userspace
> 3) ...
> 4) ...
>
> there are reasons why things that can be done in userspace sometimes
> still make sense to do in kernel space, performance could be one of
> those reasons, being unreasonably complex in userspace is another.

Agreed, my sentence was too general.

> Identity management to some degree belongs in the kernel, simply because
> identity *enforcing* is in the kernel. Some things related to security
> need to be in the kernel at least partially just to avoid a LOT of hairy
> issues and never ending series of security holes due to the exceptional
> complexity you get.

OK, this sounds reasonable in the cases where the enforcing is actually
in the kernel (but not in the backup daemon example from this thread).

cu
Adrian

--

"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
