Re: Security models (was: A niche for the Hurd

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security models (was: A niche for the Hurd - next step: reality chec

From:	Arne Babenhauserheide
Subject:	Re: Security models (was: A niche for the Hurd - next step: reality check)
Date:	Thu, 4 Dec 2008 19:28:23 +0100
User-agent:	KMail/1.10.3 (Linux/2.6.25-gentoo-r7; KDE/4.1.3; x86_64; ; )

Hi Olaf, 

Firstoff: Thank you! 

This is information I hoped for! 

Am Mittwoch 03 Dezember 2008 13:57:12 schrieb olafBuddenhagen@gmx.net:
> When a process needs the service of another process which deals with
> resources it has no access to itself -- say a powerbox -- it doesn't
> launch that process itself. Instead, it invokes the service from a
> process launched by another party. This way it has no access to the
> resources of that other process -- but the user who launched that other
> process does have control over it.

To a question we had offlist (the discussion continued, and I asked Neal for 
an update, but he didn't yet get to explain his model in general): Can that 
service request more memory when it runs out of memory (which it can give new 
processes), and can it offer proper resource management, so users can't harm 
each others performance? 

> > Of course, the extension might not be implemented or the process might
> > not have permission to use it but then the process might refuse to run
> > in that case.
>
> In our model, a process has no means to refuse running. We have complete
> control over it, and we can make it believe whatever we want it to
> believe.

That's exactly the kind of system I want to run. Thank you for clearing it up! 

[snip]

> Indeed, this is the real threat: We can't fool the server. If remote
> attestation becomes commonplace, Disney will be able to deny access by
> our non-treacherous system alltogether.
>
> That's why we need to fight the TPM stuff teeth an claw.

I couldn't have stated it better. 

Thank you! 
Arne
-- 
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the 
history of free software.
-- Ein Würfel System: http://1w6.org - einfach saubere (Rollenspiel-) Regeln.

-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt

signature.asc
Description: This is a digitally signed message part.

[Prev in Thread]

Current Thread

[Next in Thread]

Security models (was: A niche for the Hurd - next step: reality check), olafBuddenhagen, 2008/12/04
- Re: Security models (was: A niche for the Hurd - next step: reality check), Arne Babenhauserheide <=
  - Re: Security models, olafBuddenhagen, 2008/12/12
    - Re: Security models, Arne Babenhauserheide, 2008/12/12
    - Re: Security models, olafBuddenhagen, 2008/12/18
    - Re: Security models, Arne Babenhauserheide, 2008/12/18

Prev by Date: Re: What shall the filter do to bottommost translators
Next by Date: Re: USB -- GPLv3 compatibility
Previous by thread: Security models (was: A niche for the Hurd - next step: reality check)
Next by thread: Re: Security models
Index(es):
- Date
- Thread