l4-hurd
Re: Design principles and ethics


From: Jonathan S. Shapiro
Subject: Re: Design principles and ethics
Date: Mon, 01 May 2006 11:31:56 -0400

On Mon, 2006-05-01 at 17:15 +0200, Pierre THIERRY wrote:
> Scribit Bas Wijnen dies 01/05/2006 hora 11:30:
> > In order to guarantee confinement (and encapsulation, as you define it 
> > below),
> > A. The instantiator must know that there is no unauthorized outward
> >    communication.  Unauthorized by the instantiator, that is.
> > B. The parent must know that information cannot be extracted from the
> >    program without the parent's consent.
> > 
> > Now the question is: are these requirements fulfilled for the case of
> > "trivial confinement".  Indeed they are, because in that case the parent and the
> > instantiator are the same process, which leads to an implicit trust of each
> > other.
> 
> But trivial confinement adds an additional, perhaps unwanted,
> requirement:
> 
> C. The child cannot have any capability that the parent couldn't gain
> access to.

I think that this is correct, but it would be more precise to say: "the
child cannot have any *initial* capability that the parent couldn't gain
access to."

Subsequent interaction may lead to the process acquiring more
capabilities.

shap
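A small model of the distinction drawn in this message, added as an illustration and not code from l4-hurd, Coyotos or anyone in the thread: the trivial-confinement check (requirement C) is applied only to the child's initial capabilities, computed against everything the parent could transitively gain access to, while a later capability transfer over IPC is not checked against the parent at all. Object names, the object graph and the process names are constructed for the example.

```python
"""Toy model of trivial confinement, added here as an illustration (not l4-hurd
or Coyotos code): a child's *initial* capabilities must all be reachable by its
parent, but later IPC may hand it capabilities the parent never had."""
from dataclasses import dataclass, field

# Object graph, constructed for the example: object name -> names of the
# objects it in turn holds capabilities to (e.g. a space holding a page).
OBJECTS = {"space": {"page"}, "page": set(), "secret": set()}

@dataclass
class Process:
    name: str
    caps: set = field(default_factory=set)  # objects this process holds caps to

def reachable(proc, objects=OBJECTS):
    """Everything the process could gain access to by following the
    capabilities it holds, transitively (the 'couldn't gain access to' test)."""
    seen, todo = set(), list(proc.caps)
    while todo:
        name = todo.pop()
        if name not in seen:
            seen.add(name)
            todo.extend(objects[name])
    return seen

def instantiate(parent, child_name, initial, objects=OBJECTS):
    """Trivial confinement: parent == instantiator, so the check is just
    requirement C restricted to the child's *initial* capabilities."""
    leak = set(initial) - reachable(parent, objects)
    if leak:
        raise PermissionError(f"initial caps not reachable by parent: {sorted(leak)}")
    return Process(child_name, set(initial))

def send_cap(sender, receiver, cap):
    """Later interaction: a capability moves over IPC. Nothing here consults the
    receiver's parent, which is why C only holds for initial capabilities."""
    if cap not in sender.caps:
        raise PermissionError(f"{sender.name} does not hold {cap}")
    receiver.caps.add(cap)

if __name__ == "__main__":
    parent = Process("parent", {"space"})
    child = instantiate(parent, "child", {"page"})   # ok: page is reachable via space
    third = Process("third", {"secret"})
    send_cap(third, child, "secret")                 # child now exceeds parent's authority
    print(sorted(child.caps - reachable(parent)))    # ['secret']
```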