[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The Perils of Pluggability (was: capability authentication)
From: |
Jonathan S. Shapiro |
Subject: |
Re: The Perils of Pluggability (was: capability authentication) |
Date: |
Mon, 10 Oct 2005 09:16:02 -0400 |
On Mon, 2005-10-10 at 13:38 +0200, Alfred M. Szmidt wrote:
In some cases this is true. In some cases it is probably less true than
we would like to believe
>
> So: plugability is good, and necessary, but there are places where
> it is a very bad idea, and the proc server is a good example of
> where it is bad.
>
> I strongly disagree, me running my own proc server will not affect
> anyone, unless they say that they trust my proc server. And I cannot
> tell the other user to trust it.
The problem isn't really trusting your proc server. The problem is that
any time I call a process *created* by your proc server I am trusting
your proc server, and this means that I have to authenticate the process
abstraction itself before I can call anything.
All of these authentications are certainly possible, but in practice
they are too hard a burden and programmers do not do them.
Let me back up: what functionality is provided by instantiating a new
proc server? Perhaps there is a design that can achieve this securely.
shap
- Re: The Perils of Pluggability, (continued)
- Re: The Perils of Pluggability, Alfred M. Szmidt, 2005/10/10
- Re: The Perils of Pluggability, Jonathan S. Shapiro, 2005/10/10
- Re: The Perils of Pluggability, Matthieu Lemerre, 2005/10/10
- Re: The Perils of Pluggability, Alfred M. Szmidt, 2005/10/11
- Re: The Perils of Pluggability, Jonathan S. Shapiro, 2005/10/11
- Re: The Perils of Pluggability, Jonathan S. Shapiro, 2005/10/10
Re: The Perils of Pluggability (was: capability authentication), Alfred M. Szmidt, 2005/10/10
- Re: The Perils of Pluggability (was: capability authentication),
Jonathan S. Shapiro <=
Re: Capability Authentication, Marcus Völp, 2005/10/13
- Re: Capability Authentication, Marcus Brinkmann, 2005/10/14
- Re: Capability Authentication, Marcus Völp, 2005/10/17
- Re: Capability Authentication, Marcus Brinkmann, 2005/10/17
- Re: Capability Authentication, olafBuddenhagen, 2005/10/18
- Re: Capability Authentication, Marcus Brinkmann, 2005/10/18
- Re: Capability Authentication, olafBuddenhagen, 2005/10/20
- Re: Capability Authentication, Marcus Brinkmann, 2005/10/20
- Re: Capability Authentication, Jonathan S. Shapiro, 2005/10/21
- Re: Capability Authentication, Marcus Brinkmann, 2005/10/25