l4-hurd

Re: POSIX


From: Jonathan S. Shapiro
Subject: Re: POSIX
Date: Wed, 26 Oct 2005 09:29:50 -0400

On Wed, 2005-10-26 at 13:04 +0200, Alfred M. Szmidt wrote:
>    I would agree with that, but for me this is mostly about security.
>    It would be nice to be able to run potentially hostile
>    applications, but it takes a lot of trouble, and then still you're
>    not sure if it's ok.
> 
> It takes very little trouble, you can do this with the Hurd right now,
> sub-hurds.

I am not sure exactly what is included in a sub-hurd, but I infer that
it is a more comprehensive extension of a chroot-jail.

Observation: Security that relies on explicit user action in order to
achieve protection comes too late. By the time you realize you need it,
you are already compromised. Secure behavior must be the default.

Implication:

   If the sub-hurd is going to be the basic mechanism of security, then
   EVERY new execution of every application should be performed in a
   freshly instantiated sub-hurd.

So: how does the latency of forming a sub-hurd compare to the latency of
fork()?


shap

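The post closes with an empirical question: what does it cost to instantiate a fresh jail for every execution, compared with a bare fork()? The following microbenchmark is an added example, not code from this thread, the Hurd, or Mr. Shapiro. It measures, on Linux, the median latency of a plain fork()+wait cycle against the same cycle where the child first unshares user, PID and mount namespaces (the closest commodity analogue to spinning up a per-execution sub-hurd). It assumes a Linux kernel with glibc and, for the isolated case, that unprivileged user namespaces are permitted; if the kernel refuses, that figure is reported as unavailable rather than guessed.

```c
/* Added example (not part of the l4-hurd thread): latency of fork() versus
 * fork() plus fresh user/PID/mount namespaces, as a stand-in for the
 * "sub-hurd per execution" cost the post asks about.
 * Assumes Linux + glibc; the namespace case needs unprivileged user
 * namespaces to be allowed (kernel.unprivileged_userns_clone or equivalent). */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Fallback definitions in case the headers were not built with GNU
 * extensions; values are the Linux uapi constants. */
#ifndef CLONE_NEWNS
#define CLONE_NEWNS   0x00020000
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWPID
#define CLONE_NEWPID  0x20000000
#endif

static double now_us(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec * 1e6 + (double)ts.tv_nsec / 1e3;
}

static int cmp_double(const void *a, const void *b) {
    double x = *(const double *)a, y = *(const double *)b;
    return (x > y) - (x < y);
}

/* One fork()+waitpid() cycle. With isolate != 0 the child first creates
 * fresh user, PID and mount namespaces, i.e. pays for a new jail before
 * exiting. Returns elapsed microseconds, or -1.0 if the child could not
 * set the namespaces up (unshare refused, typically EPERM). */
static double time_fork_cycle(int isolate) {
    double t0 = now_us();
    pid_t pid = fork();
    if (pid < 0)
        return -1.0;
    if (pid == 0) {
        if (isolate &&
            syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS) != 0)
            _exit(2);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1.0;
    double elapsed = now_us() - t0;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1.0;
    return elapsed;
}

/* Median latency in microseconds over `iters` cycles; -1.0 if the
 * requested configuration is unavailable on this kernel. */
double median_fork_latency_us(int isolate, int iters) {
    if (iters <= 0)
        return -1.0;
    double *samples = malloc(sizeof(double) * (size_t)iters);
    if (!samples)
        return -1.0;
    for (int i = 0; i < iters; i++) {
        double t = time_fork_cycle(isolate);
        if (t < 0) {
            free(samples);
            return -1.0;
        }
        samples[i] = t;
    }
    qsort(samples, (size_t)iters, sizeof(double), cmp_double);
    double med = samples[iters / 2];
    free(samples);
    return med;
}

int main(void) {
    double plain = median_fork_latency_us(0, 200);
    double jailed = median_fork_latency_us(1, 200);
    printf("fork()                 median: %.1f us\n", plain);
    if (jailed < 0)
        printf("fork()+new namespaces  unavailable (unshare refused in child)\n");
    else
        printf("fork()+new namespaces  median: %.1f us (%.1fx fork)\n",
               jailed, jailed / plain);
    return 0;
}
```

The ratio printed on the last line is the number that matters for the post's argument: if every program launch is to land in a fresh jail by default, that multiplier is paid on every exec, not only when a user remembers to ask for isolation.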