
List:       cap-talk
Subject:    Re: [cap-talk] Rooted graph bad for POLA ? ( search capability )
From:       "Rob Meijer" <capibara () xs4all ! nl>
Date:       2008-11-01 7:05:18
Message-ID: 13999.82.95.100.23.1225523118.squirrel () webmail ! xs4all ! nl

On Thu, October 2, 2008 16:23, Karp, Alan H wrote:
> Marcus Brinkmann wrote:
>>
>> This is the super-root without which I would feel that the system does
>> not give me the same level of functionality as a system which does not
>> have such a super-root.
>>
> But you want to minimize the number of programs that run as super-root.  You
> may be able to get away with exactly one, an administrator's powerbox.
>

An important question, I feel, is: "Does it need this on a running system?"
I feel that a running system would in most cases, after some boot-up
process, be able to run without any process being connected to the super
root and without any process being able to claim access to it.

The 'hardened unix' multi-boot approach seems like a good example. You can
boot up in two modes, either the fully operational fully connected one, or
into a network deprived single user 'admin mode' where most of the system
is down and not connected to the network.

Is your car less flexible if it does not allow you to tune your engine
while you are driving? Sure it is. Should this be a reason for building
more flexible cars where the driver has full access to his engine while
driving, but might lose a few fingers in using this access? I believe it
should not.

I feel the same is equally valid for most IT systems.

Rob

_______________________________________________
cap-talk mailing list
cap-talk@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk