l4-hurd

Re: POSIX


From: Jonathan S. Shapiro
Subject: Re: POSIX
Date: Thu, 27 Oct 2005 11:27:51 -0400

On Thu, 2005-10-27 at 17:15 +0200, Alfred M. Szmidt wrote:
>    In any case, this is not relevant. Your original assertion was that
>    users cannot have any more confidence in their kernels than they
>    can in downloaded code. I was explaining why this was not correct.
> 
> But it isn't correct.  What you explained was simply that you can
> confine a process, and not have it do evil things.  This doesn't
> change the level of confidence in the kernel or the program.

There are two ways to achieve confidence:

  inspection
  constraint

Because you know what kernel you are running, inspection is feasible,
and higher confidence is possible than for downloadable code. For
downloadable code, inspection is infeasible, and the only realistic
option is constraint. Unfortunately, POSIX isn't strong enough to
achieve the kinds of constraint that are needed to have confidence that
you are safe in the face of downloadable code.

shap