[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: fork, trivial confinement, constructor
|
From: |
Jonathan S. Shapiro |
|
Subject: |
Re: fork, trivial confinement, constructor |
|
Date: |
Wed, 14 Jun 2006 07:37:31 -0400 |
On Wed, 2006-06-14 at 12:59 +0200, Marcus Brinkmann wrote:
> I don't think that you solve these issues in your system design
> either. The emacs program would require the cummulative authorities
> that you have to provide to the programs you start from its shell.
At least in EROS, this is not the case. The user can provide emacs with
a directory of constructors. Each constructor contains the authority
that will be used by that child program, which may include authority
that emacs does not have. Emacs has the authority to instantiate these
programs, but not to acquire their authority.
Note, however, that EMACS is the (direct) source of storage for these
programs. If emacs can inspect the content of any storage that it
provides, then it can fetch their authorities. If this is possible, then
sub-programs cannot be protected from malicious emacs-lisp code.
shap
- fork, trivial confinement, constructor, Bas Wijnen, 2006/06/13
- Re: fork, trivial confinement, constructor, Eric Northup, 2006/06/13
- Re: fork, trivial confinement, constructor, Bas Wijnen, 2006/06/14
- Re: fork, trivial confinement, constructor, Marcus Brinkmann, 2006/06/14
- Re: fork, trivial confinement, constructor, Jonathan S. Shapiro, 2006/06/14
- Re: fork, trivial confinement, constructor, Jonathan S. Shapiro, 2006/06/14
- Re: fork, trivial confinement, constructor, Marcus Brinkmann, 2006/06/14
- Re: fork, trivial confinement, constructor, Marcus Brinkmann, 2006/06/14
- Re: fork, trivial confinement, constructor,
Jonathan S. Shapiro <=
- Re: fork, trivial confinement, constructor, Bas Wijnen, 2006/06/14
- Re: fork, trivial confinement, constructor, Bas Wijnen, 2006/06/14
- Re: fork, trivial confinement, constructor, Marcus Brinkmann, 2006/06/15