Published on: 2013-01-10T17:41:21+00:00
In an email thread from September 3, 2011, Rob Meijer announced the initial set of specifications for a rewrite of MinorFS. He expressed disappointment in receiving no response to his previous post about interest in using this updated version with Bitcoin on systems that support AppArmor like Ubuntu and OpenSuse. However, others in the thread expressed their interest in this update. One individual stated that more strict privilege separation between applications would be necessary for Ubuntu if they want to keep up with Android and MacOSX. They noted that this has been needed for a while and would be useful for any private data managed by applications running as the same user, such as SSH, browsers, and PGP. The discussion then turned to security measures, with one participant noting that wallet encryption is useful but not a substitute for OS-level protection. In response to Rob's announcement, an individual asked if it was necessary to rewrite the entire thing from scratch and questioned whether it could be compared to the Android model which uses a UID per application/user. They wondered if layering security on top of current UNIX/ACL permissions would be sufficient without needing another filesystem altogether.Rob Meijer proposed an updated version of MinorFs, a least authority based set of filesystems that could be used by Bitcoin on systems that support AppArmor like Ubuntu and OpenSuse. The purpose is to give pseudo-persistent processes their own private but decomposable and delegatable piece of filesystem storage, which is suitable for applications that want to protect user data such as Bitcoin wallets from malware running under the same UID as that user. Currently, wallet encryption is a simpler solution for end-users than MinorFs. Rob Meijer is trying to get specifications together for rewriting MinorFs in Python that would make it easier and more natural for application developers who want to protect user data. However, there are some concerns about whether MinorFs can work without changes to Bitcoin and if not, what is the minimal amount of changes needed. Additionally, there are questions about whether MinorFs would help secure the wallet on a server, maybe even an insecure VPS. Moreover, there is no guarantee that MinorFs will never corrupt the wallet; hence, it is essential to find out the proper way to do backups. Given that Bitcoin could benefit most from what MinorFs has to offer, Rob Meijer asked Bitcoin developers to think about what attributes from the current granularity level should be kept, what attributes should be dropped, and what properties should be added to arrive at an 'id' that is the best fit for granularity of persistent private storage for Bitcoin. He also welcomes all input that helps him accommodate Bitcoin developer needs so that code to use MinorFs where available can be added to Bitcoin.The author of a least authority based set of filesystems named MinorFs, Rob Meijer, is looking to update the system for use by bitcoin on systems that support AppArmor. Although there has been little interest in an updated version, Meijer has created a set of proposed specifications for a rewrite of MinorFs and is open to suggestions. The current granularity level of MinorFs is hard fixed to that of the 'pseudo persistent process'. Meijer believes that the next version should take an approach that better suits common development languages and practices. He is seeking input from bitcoin developers to create an 'id' that is the best fit for granularity of persistent private storage for bitcoin. Meijer wants to accommodate bitcoin developer needs so that code to use MinorFs where available can be added to bitcoin.A few years ago, Rob wrote a set of filesystems called MinorFs. It worked closely with AppArmor to give "pseudo persistent processes" their own private but decomposable and delegatable piece of filesystem storage. Currently, only one perfect fit for MinorFs exists, which is the stack AppArmor/MinorFs/E-language-persistent-application. However, some close fits, like running ssh without a passphrase, require lots of manual fiddling by the user to get working.Rob is trying to rewrite MinorFs in Python in a way that would make it easy and natural for application developers who want their application to protect user data from mallware running under the same uid as that user, such as bitcoin wallets. Currently, minorfs granularity is hard fixed to that of the "pseudo persistent process," and that granularity is determined in the pseudo persistent process link.Using pseudo persistent processes results in file-system storage that follows almost all of the modeling principles of the object capability model.
Updated on: 2023-08-01T02:19:19.502235+00:00