RE: L4-Hurd; denial of service in the memory architecture
From: Christopher Nelson
Subject: RE: L4-Hurd; denial of service in the memory architecture
Date: Mon, 19 Jan 2004 16:23:54 -0700
>On Mon, Jan 19, 2004 at 03:24:55PM -0700, Christopher Nelson wrote:
>> Yes, but if you are sharing a capability with an untrusted task, and
>> that task suddenly has the ability to impersonate you to someone else
>> in that it can allocate frames that count against your quota, then you
>> have permission leakage.
>
>Then don't share the capability. It's that simple.
>
>> Certainly you would want that task to access THAT memory, but you
>> certainly would not want that task to be able to allocate more memory
>> against your quota.
>
>We will have a way to share memory securely with another task.
>I am not sure how exactly it is done at a syntactical level
>(ie, which kind of cap is passed with which operations).
>Surely the semantics have (and largely are) defined in the Right Way.
>
>> Why does the capability to
>> read or write a container also permit expansion of the container?
>
>I am not even sure the details are set in stone at that level.
>Take this stuff with a grain of salt. The design, in
>particular the design of the VM subsystem, is not exactly finished.
Ah hah. Thank you for answering my noob questions. I appreciate it.
:-)
-={C}=-