l4-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Challenge: Find potential use cases for non-trivial confinement

From: Christopher Nelson
Subject: RE: Challenge: Find potential use cases for non-trivial confinement
Date: Mon, 1 May 2006 16:55:36 -0600 
> On Mon, May 01, 2006 at 12:33:33AM -0400, Jonathan S. Shapiro wrote:
> > > > 1. I create a new constructor, so I am the creator. I put stuff 
> > > > into the constructor. I instantiate programs. So far 
> this is all 
> > > > just "trivial confinement" as you call it.
> > > 
> > > In my current system design, there is no constructor.  
> There is also 
> > > no meta-constructor, and the space bank will happily let 
> you inspect 
> > > and alter the content of any memory that is taken from 
> your reserve 
> > > (well, the last point may or may not be true, but for the 
> purposes 
> > > of analysis, we can assume it to be true).
> > 
> > It follows immediately that the system administrator can 
> inspect all 
> > storage, since all space banks are ultimately derived from 
> the primary 
> > space bank, which is owned by the system administrator.
> 
> This is getting annoying.  I wrote at least twice already 
> that the primary space bank is *not* owned by the system 
> administrator.  It is owned by the TCB, which is an entity 
> itself.  It will restrict access to it carefully, in 
> particular it will not give anyone (and that includes the 
> administrator) direct access to the prime space bank.

Ah, yes. Who owns the TCB?
Oh - no one. Cool. So who gets permission to update the TCB? 
Ah, of course, no one.  It's not like you ever need to patch a piece of
software, because all software is perfect once released.

-={C}=-
reply via email to
[Prev in Thread] Current Thread [Next in Thread]