Comments inline. Michel Drescher wrote:
Donal K. Fellows wrote:
Marvin Theimer wrote:
If we narrow the definitions of mountpoint and mountsource enough and precisely describe their semantics then we might arrive at something that could be fairly widely used. I’m thinking of things like saying that you can’t navigate “out” of a file system via “cd ..”, etc. This is definitely something to explore.
Change "can't" to "shouldn't" and I'd agree. I don't regard the mount stuff as being a way of describing security enforcement points. Systems can do it that way, but at least some won't.
+1 from me. In fact, I think this should be part of JSDL in a "maintenance release" sort of publication anyway.
-1 from me for adding this in JSDL. It is not a language issue. I do think the HPC Profile should probably speak to this with respect to the execution environment that a job should expect.
In fact, I'd be happy enough with the profile stating that paths in JSDL documents should not contain either the "." or the ".." elements at all. That's a fairly strong requirement and guarantees that the job won't fail on systems where your style of semantics are enforced.
Again, +1 (and having it normatively mentioned in the JSDL publication)
I too see this is a profiling issue. I have no problem for the HPC profile to make a stronger statement than the JSDL spec on this as a security consideration. So -1 from me for adding this in the JSDL spec normatively. -- Andreas Savva Fujitsu Laboratories Ltd