Re: [PATCH] proxy memory objects

[Marcus Brinkmann]

On Wed, Dec 11, 2002 at 09:40:36PM -0800, Thomas Bushnell, BSG wrote:
> Marcus Brinkmann <address@hidden> writes:
> 
> > I want to check in this patch.
> 
> It still does not allow you to create a proxy for a proxy, and I think
> my explanation of that got lost in the jumble.
> 
> You need to be able to use a proxy in every call that you can use a
> real object, including importantly, the make proxy calls.

The interface does allow it.  The implementation does not.

I think I repeatedly said that my only concern for now is the following:

1.  Have an interface that allows everything we ever would want to do.

2.  Have as much implemented as needed to fix the currently gaping security
    hole in the Hurd.

For 1, the only open issue is how to specify a real hole.  I am currently
thinking of two possible ways to fix it (more on that later).  For 2, the
only thing needed is a simple proxy of a real memory object with range
from 0 to (vm_size_t) -1, and arbitrary protection.

You are right that the patch doesn't allow proxy of proxies, but we don't
really need it to fix the security hole.  The patch doesn't allow multiple
objects and range restriction either, but we don't really need it to fix the
security hole.

Look, we know aout this security hole for a long time now.  I would like to
fix it, and I am willing to compromise on the implementation side of the
issue in favor of security.  If someone else is interested to make a broader
implementation, I welcome that, but I don't have time nor interest in that
right now.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    address@hidden
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/