[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Challenge: Find potential use cases for non-trivial confinement
From: |
Christopher Nelson |
Subject: |
RE: Challenge: Find potential use cases for non-trivial confinement |
Date: |
Tue, 2 May 2006 13:08:22 -0600 |
>
> On Tue, May 02, 2006 at 10:05:23AM -0600, Christopher Nelson wrote:
> > > Any other part of the OS (and that's almost everything)
> can indeed
> > > be upgraded without a reboot.
> >
> > Lol. Okay.
> > So the TCB *isn't* the OS. What's in the TCB? Let's see... The
> > kernel, of course. Probably the network stack (those are
> always perfect)...
> > Umm... Interface drivers for the keyboard and the mouse and my
> > newfangled widget.... Also... Let's see.. Oh yeah ALL the
> drivers for
> > untrustable hardware buses, which includes my network card,
> my video
> > card, my sound card... And of course, those are all gonna
> be perfect.
> >
> > My point is that the TCB includes stuff that needs
> updating, and may
> > need updating on a regular basis as bugs are discovered.
>
> The TCB should be pretty stable. New features are never
> added (mostly because the TCB isn't the place where most
> features are implemented). Bugs may need to get fixed at
> first, but the amount of bugs that are found per unit time
> will decrease. After some time, it should be pretty close to zero.
Do you have much experience with running a datacenter of any size? Bugs
*never* approach zero. Or at least, they do so very rarely. We have to
patch so-called "core" software twice a month. Oftimes this includes
what would be considered part of the "TCB". In the real world "should"
and "do" are very different. I think it's a nice idea, and it will be
interesting to see how it works in practice.
> > Requiring a production server to have manual intervention for each
> > update is just not feasible for large datacenters.
>
>It is a too dangerous operation to protect only by a
> password.
I agree with that.
> > Maybe you feel that this is not an area that is of interest
> to the Hurd.
>
> Now you're being silly. ;-)
Yes. :-D
- Re: Challenge: Find potential use cases for non-trivial confinement, (continued)
RE: Challenge: Find potential use cases for non-trivial confinement,
Christopher Nelson <=
RE: Challenge: Find potential use cases for non-trivial confinement, Christopher Nelson, 2006/05/02
Re: Challenge: Find potential use cases for non-trivial confinement, Jeremy Shaw, 2006/05/02
Re: Challenge: Find potential use cases for non-trivial confinement, olafBuddenhagen, 2006/05/02
RE: Challenge: Find potential use cases for non-trivial confinement, Christopher Nelson, 2006/05/02