List: e-lang
Subject: RE: [E-Lang] Re: Old Security Myths Continue to Mislead
From: "Karp, Alan" <alan_karp () hp ! com>
Date: 2001-08-09 3:15:16
> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:shap@eros-os.org]
> Sent: Monday, August 06, 2001 2:23 PM
> To: E Language Discussions
> Subject: Re: [E-Lang] Re: Old Security Myths Continue to Mislead
>
>
> > Even though all messages passed through the core, the core never looked at
> > the payloads. Hence, confinement ala Lampson was not enforced. Capability
> > confinement could have been enforced using a mechanism in the design that we
> > did not get a chance to implement.
>
> Examining the payloads is not required. The core must only validate that the
> sender holds a valid capability to the receiver. This is a common
> misunderstanding of confinement. Go back and look at Lampson again.
Yep. You're right.
We could indeed control which clients another one can send a message to, but
only through the visibility tests. So, it wasn't the capability to send a
message that we implemented; it was enforcing the negative capabilities in
your protection domain.
>
> Jonathan
>
> _______________________________________________
> e-lang mailing list
> e-lang@mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/e-lang
>
_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-3
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
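
A toy model of the distinction drawn in this exchange, added here as an illustration and not code from either poster or from the system they discuss. The `Core` class, its `clist` and `hidden` tables, and the modelling of "visibility tests" as a per-sender hidden set are all assumptions; neither check ever reads the payload.

```python
# Toy model (added example; every name here is hypothetical).
class Core:
    """Message router that checks authority and never inspects payloads."""

    def __init__(self):
        self.inbox = {}    # receiver -> list of opaque payloads
        self.clist = {}    # sender -> receivers it holds a capability to
        self.hidden = {}   # sender -> receivers hidden from it (assumed model)

    def spawn(self, name, caps=(), hidden=()):
        self.inbox[name] = []
        self.clist[name] = set(caps)
        self.hidden[name] = set(hidden)

    def send_by_capability(self, sender, receiver, payload: bytes) -> bool:
        # Default deny: deliver only if the sender holds a capability.
        if receiver not in self.clist[sender]:
            return False
        self.inbox[receiver].append(payload)  # payload stays opaque
        return True

    def send_by_visibility(self, sender, receiver, payload: bytes) -> bool:
        # Default allow: deliver unless the receiver is hidden from the sender.
        if receiver not in self.inbox or receiver in self.hidden[sender]:
            return False
        self.inbox[receiver].append(payload)  # payload stays opaque
        return True


def demo():
    core = Core()
    core.spawn("logger")
    core.spawn("outsider")
    # Confined service: holds one capability; "outsider" is hidden from it.
    core.spawn("confined", caps={"logger"}, hidden={"outsider"})
    data = b"constructed sample payload"
    results = {
        "cap_logger": core.send_by_capability("confined", "logger", data),
        "cap_outsider": core.send_by_capability("confined", "outsider", data),
        "vis_outsider": core.send_by_visibility("confined", "outsider", data),
    }
    # A receiver created after the confined service was configured.
    core.spawn("late_arrival")
    results["cap_late"] = core.send_by_capability("confined", "late_arrival", data)
    results["vis_late"] = core.send_by_visibility("confined", "late_arrival", data)
    return results
```

In this model the two checks agree on receivers that existed when the confined service was configured and differ only on `late_arrival`, which the capability check refuses and the hidden-set check delivers to.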