List:       e-lang
Subject:    RE: [E-Lang] Re: Old Security Myths Continue to Mislead
From:       "Karp, Alan" <alan_karp () hp ! com>
Date:       2001-08-09 3:15:16

> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:shap@eros-os.org]
> Sent: Monday, August 06, 2001 2:23 PM
> To: E Language Discussions
> Subject: Re: [E-Lang] Re: Old Security Myths Continue to Mislead
> 
> 
> > Even though all messages passed through the core, the core never looked at
> > the payloads.  Hence, confinement ala Lampson was not enforced.  Capability
> > confinement could have been enforced using a mechanism in the design that we
> > did not get a chance to implement.
> 
> Examining the payloads is not required. The core must only validate that the
> sender holds a valid capability to the receiver. This is a common
> misunderstanding of confinement. Go back and look at Lampson again.

Yep.  You're right.  

We could indeed control which clients another one can send a message to, but
only through the visibility tests.  So, it wasn't the capability to send a
message that we implemented; it was enforcing the negative capabilities in
your protection domain.

> 
> Jonathan
> 
> _______________________________________________
> e-lang mailing list
> e-lang@mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/e-lang
> 

_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-3
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
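
Added example, not part of the original message and not e-speak or EROS code: a toy core that contrasts the capability check described in the quoted reply with a deny-list visibility check. The `Core` class, its method names, and the reading of "negative capabilities" as a per-sender deny-list are assumptions made for illustration.

```python
# Added illustration: Core and its methods are hypothetical, not e-speak or EROS code.

class Core:
    """Toy message core. Payloads are opaque bytes that it never inspects."""

    def __init__(self):
        self.clist = {}    # process -> receivers it holds capabilities to
        self.hidden = {}   # process -> receivers hidden from it (deny-list)
        self.inbox = {}    # process -> payloads delivered to it

    def spawn(self, name):
        self.clist[name], self.hidden[name], self.inbox[name] = [], set(), []

    def grant(self, holder, receiver):
        """Place a capability to `receiver` in holder's c-list; return its slot."""
        self.clist[holder].append(receiver)
        return len(self.clist[holder]) - 1

    def send(self, sender, slot, payload):
        """Positive check: the sender can only name a slot in its own c-list."""
        caps = self.clist[sender]
        if not 0 <= slot < len(caps):
            return False               # no capability, no delivery
        self.inbox[caps[slot]].append(payload)
        return True

    def send_visible(self, sender, receiver, payload):
        """Negative check (assumed model): deliver unless receiver is hidden."""
        if receiver not in self.inbox or receiver in self.hidden[sender]:
            return False
        self.inbox[receiver].append(payload)
        return True


def demo():
    core = Core()
    for name in ("confined", "logger", "network"):
        core.spawn(name)
    log_slot = core.grant("confined", "logger")   # the only authority it gets
    core.hidden["confined"].add("network")        # deny-list entry
    core.spawn("late_arrival")                    # created after the deny-list was set
    secret = b"constructed sample payload"
    return {
        "cap_to_logger": core.send("confined", log_slot, secret),
        "cap_other_slot": core.send("confined", log_slot + 1, secret),
        "visible_network": core.send_visible("confined", "network", secret),
        "visible_late": core.send_visible("confined", "late_arrival", secret),
        "late_inbox": list(core.inbox["late_arrival"]),
    }
```

With the c-list check the confined process reaches only `logger`, whatever the payload contains; with the deny-list check it reaches any receiver nobody remembered to hide, such as `late_arrival`.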
 