[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: On trusting its parent process
|
From: |
Marcus Brinkmann |
|
Subject: |
Re: On trusting its parent process |
|
Date: |
Wed, 13 Jul 2005 18:40:50 +0200 |
|
User-agent: |
Wanderlust/2.10.1 (Watching The Wheels) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI) |
At Wed, 13 Jul 2005 18:17:31 +0200,
address@hidden (Ludovic Courtès) wrote:
> Marcus Brinkmann <address@hidden> writes:
> Only in some cases do processes need to have "absolute authenticity"
> proofs, that is, authenticity wrt. what the machine's administrator
> intends to do. For instance, `passwd' needs to make sure the data it is
> accessing is the one _it_ created earlier.
Ah, nice observation. But even that is relativ of course: What if I
run a sub-hurd under my own user ID: With my own authentication
server, root filesystem etc? Then of course the enclosed passwd wants
to use the passwd file from _that_ root filesystem...
> (I guess persistence comes
> in handy here because such sensitive programs do not need to expose
> their state publicly and need not rely on an authentic file server.)
Yeah, persistency seems to be help a lot here.
> It looks like I'm just repeating the same things over, but it really
> helps me understand the issue. ;-)
Nah, we are still fine tuning it :)
Marcus
Re: On trusting its parent process, Lee Braiden, 2005/07/13