Re: How to add confinement to the Hurd?

[Jonathan S. Shapiro]

> Scribit Marcus Brinkmann dies 30/04/2006 hora 22:29:
> > I can even tell you why there is an ethical issue.  The reason is that
> > non-trivial confinement separates ownership of digital content into a
> > party that has access and modification right and a party which has the
> > right to decide durability.

Marcus:

What you say is definitely NOT true of the constructor (Well, it is true
in a sense, but this is due to a bug. I will explain.). If I instantiate
a program with a constructor, I have the right to do any operation that
the program supports, and I also have the right to destroy the program.

The bug in the present constructor is a small violation of this, but not
one that really matters: at the moment, the *creator* of the constructor
could destroy it, with the effect that the binary image would be deleted
out from under my running instance.

This can be fixed by modifying the constructor trivially: I can ask that
it make a copy of the address space into storage that I supply (without
disclosing the copy to me). After that, the creator can destroy the
constructor itself, but they cannot destroy my instance of the program.

So: I think you must be thinking of something else. Can you explain?


Also, I truly do not understand why this presents a moral hazard. This
is not a question of selective disclosure.

Can you explain the moral hazard here?


shap