l4-hurd

Re: Clarification (was: Re: Challenge: Find potential use cases for non-


From: Bas Wijnen
Subject: Re: Clarification (was: Re: Challenge: Find potential use cases for non-trivial confinement
Date: Fri, 19 May 2006 16:35:10 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Fri, May 19, 2006 at 04:28:12PM +0200, Michal Suchanek wrote:
> >I was assuming that you were talking about DRM software which protected
> >itself against all users on the system.  If the administrator installs it,
> >then at least the administrator himself can have access to it (because they
> >can't check that he did indeed give up his ability to log in to the
> >session.  He must have had it at first, because he had to install the DRM
> >software).
> 
> No. Either the software itself is the shell or the shell cannot be
> replaced so it is known how to prevent further access to it.
> Authentication is user supplied so it is sufficient to break the
> authentication so that nobody can authenticate.

The providers can tell the administrator what he has to do, and if he indeed
does that, then I agree DRM would be possible.  But since the administrator
personally is one of the people they want protection against, they cannot rely
on him doing what they say.

For example, the administrator (or anyone else, for that matter) can set up a
(debuggable) sub-hurd, in which this software is installed.  It can't be
debugged from within the sub-hurd, but it can be from where the sub-hurd was
started.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

Attachment: signature.asc
Description: Digital signature

