Re: Reliability of RPC services

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reliability of RPC services

From:	Jonathan S. Shapiro
Subject:	Re: Reliability of RPC services
Date:	Tue, 25 Apr 2006 06:52:05 -0400

On Tue, 2006-04-25 at 10:38 +0200, Michal Suchanek wrote:
> On 4/25/06, Jonathan S. Shapiro <address@hidden> wrote:
> >
> > Yes, so now you have a situation where client A is notified of the
> > server's mishandling of client B. This is a security error. Coyotos will
> > not expose this fact.
> 
> How is client A notified of mishandling of client B? It is only
> notified when its own capability is dropped for whatever reason. Be it
> server is killed, just drops it, forwards it to another server that
> fails to handle it, or overwites it with a capability received from B.
> But A cannot tell that.

You are mistaken. Assume that A and B are trying (improperly) to
communicate by exploiting the drop notices. They *can* communicate this
way.

When reasoning about system architecture, it is rarely good to say "X
doesn't know Y", because this assumption is often wrong. A more
productive approach is to ask "how could X and Y exploit this to achieve
something unexpected?"

shap

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Reliability of RPC services, (continued)

Prev by Date: Re: Reliability of RPC services
Next by Date: Re: Reliability of RPC services
Previous by thread: Re: Reliability of RPC services
Next by thread: Re: Reliability of RPC services
Index(es):
- Date
- Thread