Re: Wrapper design patterns (was: Revocation vs destruction)

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wrapper design patterns (was: Revocation vs destruction)

From:	Jonathan S. Shapiro
Subject:	Re: Wrapper design patterns (was: Revocation vs destruction)
Date:	Tue, 29 Nov 2005 13:45:24 -0500

On Tue, 2005-11-29 at 15:17 +0100, Pierre THIERRY wrote:
> Scribit Jonathan S. Shapiro dies 18/10/2005 hora 15:58:
> > In principle, we could do something similar for capabilities that
> > travel from one user to another -- any time a capability crosses this
> > boundary it's wrapper is replaced. This replacement is implemented by
> > a reference monitor.
> 
> How does the system knows you cross the boundary? If a process belonging
> to a different user gets the capability, how does anyone know it is in
> fact a different user?

Remember that in this scenario the only paths between users go through a
reference monitor. The reference monitor performs the substitution.

shap

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Wrapper design patterns (was: Revocation vs destruction), Pierre THIERRY, 2005/11/29
- Re: Wrapper design patterns (was: Revocation vs destruction), Jonathan S. Shapiro <=
  - Re: Wrapper design patterns (was: Revocation vs destruction), Pierre THIERRY, 2005/11/30

Prev by Date: Re: self-paging
Next by Date: Re: Wrapper design patterns (was: Revocation vs destruction)
Previous by thread: Re: Wrapper design patterns (was: Revocation vs destruction)
Next by thread: Re: Wrapper design patterns (was: Revocation vs destruction)
Index(es):
- Date
- Thread