Re: Challenge: Find potential use cases for non-trivial confinement
From: Bas Wijnen
Subject: Re: Challenge: Find potential use cases for non-trivial confinement
Date: Tue, 2 May 2006 19:44:34 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Tue, May 02, 2006 at 10:05:23AM -0600, Christopher Nelson wrote:
> > Any other part of the OS (and that's almost everything) can
> > indeed be upgraded without a reboot.
>
> Lol. Okay.
> So the TCB *isn't* the OS. What's in the TCB? Let's see... The kernel,
> of course. Probably the network stack (those are always perfect)...
> Umm... Interface drivers for the keyboard and the mouse and my
> newfangled widget.... Also... Let's see.. Oh yeah ALL the drivers for
> untrustable hardware buses, which includes my network card, my video
> card, my sound card... And of course, those are all gonna be perfect.
>
> My point is that the TCB includes stuff that needs updating, and may
> need updating on a regular basis as bugs are discovered.

The TCB should be pretty stable. New features are never added (mostly because
the TCB isn't the place where most features are implemented). Bugs may need
to get fixed at first, but the number of bugs that are found per unit time
will decrease. After some time, it should be pretty close to zero.

> Requiring a production server to have manual intervention for each update is
> just not feasible for large datacenters.

As I said, it is possible to do it without a reboot. For some situations, in
particular servers which cannot accept much downtime, this will be a good
idea. But I wouldn't want to enable it by default. For most machines it
makes a lot of sense if a TCB upgrade is simply impossible on a running
system. It is too dangerous an operation to protect only by a password.

> Maybe you feel that this is not an area that is of interest to the Hurd.

Now you're being silly. ;-)

Thanks,
Bas
--
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html