l4-hurd

Re: Hurdish applications for persistence


From: Marcus Brinkmann
Subject: Re: Hurdish applications for persistence
Date: Fri, 14 Oct 2005 15:19:18 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Fri, 14 Oct 2005 14:44:49 +0200,
Bas Wijnen <address@hidden> wrote:

> > Please let us know what you think of the Korn/Gansner approach as an
> > alternative. I think it's cleaner.
> 
> It would definitely be cleaner, but I think it doesn't solve all problems.

I don't think it is supposed to ;)

> Even when we solve the passive translator problem (say, by dropping them and
> making a persistent system), there are still active translators.
> 
> If the chrooted filesystem contains an active translator, it will (correctly)
> have a different root.  This can be used to construct communication channels,
> but I feel it would also generate accidental channels.

This is always true.  If you give somebody a capability that allows
you to retrieve further capabilities, then yes, you give potentially
all those other capabilities to the process as well.

But note that if the task is confined, it can not get such a
capability from the constructor.  So, the instantiator would
explicitly give it such a capability.  You can shoot yourself in the
foot.
 
> Of course there is no danger of a chrooted task abusing it, as
> active translators started by it will be chrooted as well.

This is the important difference.
 
Thanks,
Marcus
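
The reachability argument in this message, as an added example that is not part of the original mail or of any Hurd code: a task's effective authority is the transitive closure of the capabilities it holds. The object names and the edge from the outside-started translator back to the real root are constructed assumptions (a worst case in which that translator relays whatever it can reach).

```python
from collections import deque

def reachable(graph, initial_caps):
    """Return every object obtainable by following capabilities transitively."""
    seen = set(initial_caps)
    queue = deque(initial_caps)
    while queue:
        obj = queue.popleft()
        for nxt in graph.get(obj, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

# Constructed object graph: an edge A -> B means "holding A lets you obtain B".
GRAPH = {
    "real_root": {"home", "jail"},
    "home": {"secret"},
    "jail": {"jail_bin", "outside_translator", "inside_translator"},
    # Active translator started outside the chroot: its root is the real root.
    # Assumption: it hands out anything it can reach (worst case).
    "outside_translator": {"real_root"},
    # Active translator started by the chrooted task: its root is the jail.
    "inside_translator": {"jail"},
}

def jail_view(include_outside_translator):
    """Authority of a task whose only initial capability is the jail directory."""
    graph = dict(GRAPH)
    if not include_outside_translator:
        # The instantiator did not place the outside-rooted translator in the jail.
        graph["jail"] = GRAPH["jail"] - {"outside_translator"}
    return reachable(graph, {"jail"})

if __name__ == "__main__":
    print("with outside translator:   ", sorted(jail_view(True)))
    print("without outside translator:", sorted(jail_view(False)))
```

The translator started from inside the jail adds nothing to the closure, while the one rooted outside pulls in everything its own root can reach.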




