l4-hurd

Re: ConfirmPassword


From: Jonathan S. Shapiro
Subject: Re: ConfirmPassword
Date: Tue, 25 Oct 2005 21:01:17 -0400

On Tue, 2005-10-25 at 21:30 +0200, Bas Wijnen wrote:

> The requirement that the instantiator should not be allowed to inspect the
> instantiated is only needed for programs which receive capabilities that the
> instantiator doesn't have.  In other cases it doesn't usually harm to allow
> the inspection, but there isn't really a reason to try to allow it.  It's more
> a matter of not spending performance on trying to enforce it.

There *is* a good reason: the principle of least authority.

Fortunately, it doesn't involve any extra effort. It is a natural
consequence of proper system structure that inspection requires the
consent of the inspected process.

> > Would it be a good idea to use the ctrl-alt-del-mechanisms of
> > "IBM-compatible" PCs on these machines?
> 
> That is a different version of the same idea: the trusted hardware in that
> case being a certain combination of keys which cannot be handled by
> applications.  I very much dislike the idea of reserving key combinations
> though, and I think it was a _very_ bad idea from them to use a combination
> with an existing, very different, meaning.

Yes. However, there is a key that was specifically intended for this
purpose: SYSREQ.

shap