Re: Challenge: Find potential use cases for non-trivial confinement

[Bas Wijnen]

On Tue, May 02, 2006 at 08:11:08PM +0200, Pierre THIERRY wrote:
> Scribit Bas Wijnen dies 02/05/2006 hora 19:44:
> > > My point is that the TCB includes stuff that needs updating, and may
> > > need updating on a regular basis as bugs are discovered.
> > The TCB should be pretty stable.
> 
> Please state what the TCB includes. None of you two has the same
> definition of it. I suspect Bas only sees the boot system and the
> ?-kernel along with some very low-level components of the OS. Wether
> device drivers fit in there is unclear. Surely not the network stack.

Actually, I think we have pretty much the same definition.  However, now I
think of it, not the whole TCB needs this strong restriction.  Only the parts
which can be used to take over other unrelated parts (that they conceptually
don't have access to) must be prevented from "easy" upgrading.  That's the
kernel, the prime space bank (that is, the whole space bank mechanism),
probably the hard disk driver which is used for maintaining the snapshot, and
all drivers which can (potentially) do DMA.

Still quite a respectable body of code, but not something which needs regular
upgrades, I would expect.  But of course my expectations may be wrong.  I
think that's actually the main difference in our views. :-)

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

signature.asc
Description: Digital signature