Re: Design principles and ethics
From: Bas Wijnen
Subject: Re: Design principles and ethics
Date: Tue, 2 May 2006 14:02:07 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Tue, May 02, 2006 at 01:30:05PM +0200, Pierre THIERRY wrote:
> Bas Wijnen wrote on 02/05/2006 at 10:14:
> > For non-trivial confinement, constructor == parent.
>
> No. Constructor != instantiator.
>
> I'm not sure, but I think instantiator == parent.

This is not true in general, but it is true for trivial confinement. It is
not true in particular for the constructor.

Hmm, I'm not sure what you mean, so I'll try to explain again:

In general, there are two parties involved in starting up a new process:
- The instantiator. That's the process which wants the child to be created,
  for example the user's shell.
- The parent. That's the process which actually does the child creation. It
  can be the same process as the instantiator, but it can also be a service
  which is called by the instantiator. This service process is then called a
  constructor (if it's the only service it provides).

The child itself is not a party in the process, because it doesn't exist yet.
Once it does exist, it acts on behalf of its parent (which has total control
over what is in the initial code image). Note that this doesn't mean it
always does things the parent likes: It is very useful for a parent to start a
child which is possibly hostile against the parent, for example an e-mailed
executable, or a downloaded plugin or program.

Now then. There are three types of process creation. I'll list them and say
things about the parent and instantiator:
- Non-trivial non-confinement. The constructor is used to make a process
  which is not confined. Here the constructor is the parent, and the process
  calling the constructor is the instantiator. The parent gives some
  capabilities to the child, and it hands the instantiator a communication
  channel.
- Non-trivial confinement. The constructor is used to make a confined
  process. This is identical to non-trivial non-confinement, except that the
  parent does not add unconfined capabilities to the child. The instantiator
  can verify this.
- Trivial confinement. There is no constructor. The parent and instantiator
  are the same process. The process is of course confined, because there
  exists no "other party" which might break the confinement. This is
  different from the non-trivial cases, where the parent and instantiator
  don't trust each other.

Does this clear things up?

Thanks,
Bas

--
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html
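
The three kinds of process creation described in the message above, as a toy model added here (it is not part of the original e-mail and not code from the Hurd or any other project). The names `Cap`, `Child`, `Constructor`, `spawn` and the `leaks` flag are assumptions of the model, and the constructor's `is_confined` answer is assumed to be trustworthy to the instantiator.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cap:
    name: str
    leaks: bool  # model assumption: True if the holder could send data out through it

@dataclass(frozen=True)
class Child:
    parent: str        # process that built the initial image
    instantiator: str  # process that asked for the child to exist
    caps: tuple
    kind: str

class Constructor:
    """Service process whose only job is to create one kind of child."""
    def __init__(self, name, initial_caps):
        self.name = name
        self.caps = tuple(initial_caps)  # fixed when the constructor is set up

    def is_confined(self):
        # What the instantiator verifies: no unconfined capability gets added.
        return not any(c.leaks for c in self.caps)

    def create(self, instantiator):
        kind = ("non-trivial confinement" if self.is_confined()
                else "non-trivial non-confinement")
        return Child(self.name, instantiator, self.caps, kind)

def spawn(instantiator, constructor=None, require_confined=False, own_caps=()):
    """Start a child for `instantiator`; refuse a constructor that fails the check."""
    if constructor is None:
        # Trivial confinement: the instantiator is also the parent, so there is
        # no other party that could have slipped a capability into the child.
        return Child(instantiator, instantiator, tuple(own_caps),
                     "trivial confinement")
    if require_confined and not constructor.is_confined():
        raise PermissionError(f"{constructor.name} would add unconfined capabilities")
    return constructor.create(instantiator)

# Constructed sample capabilities and constructors for the three cases.
SCRATCH = Cap("scratch-memory", leaks=False)
NET = Cap("network-session", leaks=True)
VIEWER = Constructor("viewer-constructor", [SCRATCH])
MAILER = Constructor("mailer-constructor", [SCRATCH, NET])
```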