comparison with other stored security state mechanisms [was: Re: Sharing Trust Policy between Crypto Libraries]

Dan Winship danw at gnome.org
Tue Jan 15 06:31:25 PST 2013


On 01/15/2013 01:17 AM, Simo Sorce wrote:
> On Mon, 2013-01-14 at 23:55 +0100, Gabor Toth wrote:
>> In order to make it really multi-user, a system-wide daemon process could
>> handle the database, and applications would communicate with this process.
> 
> It would be much easier to just write files out.
> Otherwise you are forced to refuse any cert if the daemon is not
> available (because if you don't a DoS on the daemon can allow you to
> bypass explicitly untrusted certs).

dconf uses a model where any process can mmap the database file directly
to read it, but writes have to go through a central server. (I think
every time you do a write, it creates a new copy of the database and
atomically overwrites the old one, and then the clients all reopen the
file. Which is reasonable if reads are frequent and writes are rare.)

(Actually... we could just use dconf even... It only depends on glib and
dbus, and the dconf package itself is pretty tiny...)

-- Dan
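The dconf-style split described above (every reader opens the store file directly, writes go through one central writer that atomically replaces the file, readers reopen after a swap), combined with Simo's point that a lookup must fail closed when the store is unavailable, as an added Python sketch that is not part of this thread, of dconf, or of p11-glue; the JSON layout and the placeholder fingerprint string are assumptions.

```python
import json
import os
import tempfile

def write_store(path, entries):
    """Single central writer: dump to a temp file in the same directory,
    fsync, then rename over the old file so readers never see a torn store."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(entries, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic swap; open readers keep the old snapshot
    except BaseException:
        os.unlink(tmp)
        raise

class TrustReader:
    """Reader: opens the file directly (no daemon in the read path) and
    reopens it when the inode changes, i.e. the writer swapped in a new file."""
    def __init__(self, path):
        self.path, self.inode, self.entries = path, None, {}
        self._reload()
    def _reload(self):
        with open(self.path) as f:
            self.entries = json.load(f)
            self.inode = os.fstat(f.fileno()).st_ino
    def is_trusted(self, fingerprint):
        try:
            if os.stat(self.path).st_ino != self.inode:
                self._reload()
        except OSError:
            # Fail closed: with no readable store we cannot know which certs
            # were explicitly distrusted, so nothing is trusted.
            return False
        return self.entries.get(fingerprint) == "trusted"

def demo():
    """Constructed run: trust, then distrust, a placeholder fingerprint."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "trust.json")
        fp = "sha256:constructed-placeholder"  # not a real certificate hash
        write_store(path, {fp: "trusted"})
        reader = TrustReader(path)
        before = reader.is_trusted(fp)
        write_store(path, {fp: "distrusted"})
        after = reader.is_trusted(fp)
        os.unlink(path)  # store gone: must fail closed
        return before, after, reader.is_trusted(fp)
```

`demo()` returns `(True, False, False)`: the reader sees the writer's distrust decision without any daemon round-trip, and answers "not trusted" once the store disappears rather than falling back to a stale or empty view.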


