l4-hurd

Re: The Perils of Pluggability (was: capability authentication)


From: Alfred M. Szmidt
Subject: Re: The Perils of Pluggability (was: capability authentication)
Date: Mon, 10 Oct 2005 13:38:04 +0200 (CEST)

   I understand that it is not a goal for Hurd to be secure in the
   sense that Coyotos tries to be, but if you achieve your goal above
   you will manage to be *insecure* in the way that Windows is. We do
   not need another Windows in the world.

The Hurd is by design more secure than GNU/Linux.  The extra
pluggability partially gives this extra security.  As long as the user
can't screw up something for another user, then pluggability should be
added.

   So: pluggability is good, and necessary, but there are places where
   it is a very bad idea, and the proc server is a good example of
   where it is bad.

I strongly disagree; me running my own proc server will not affect
anyone, unless they say that they trust my proc server.  And I cannot
tell the other user to trust it.  The same goes for any other server
in the Hurd; the only servers that are trusted by default are the ones
run by uid 0 (you have to trust something, otherwise you won't be able
to do anything).
