Re: ConfirmPassword
From: Jonathan S. Shapiro
Subject: Re: ConfirmPassword
Date: Tue, 25 Oct 2005 21:01:17 -0400
On Tue, 2005-10-25 at 21:30 +0200, Bas Wijnen wrote:
> The requirement that the instantiator should not be allowed to inspect the
> instantiated is only needed for programs which receive capabilities that the
> instantiator doesn't have. In other cases it doesn't usually harm to allow
> the inspection, but there isn't really a reason to try to allow it. It's more
> a matter of not spending performance on trying to enforce it.
There *is* a good reason: the principle of least authority.
Fortunately, it doesn't involve any extra effort. It is a natural
consequence of proper system structure that inspection requires the
consent of the inspected process.
> > Would it be a good idea to use the ctrl-alt-del-mechanisms of
> > "IBM-compatible" PCs on these machines?
>
> That is a different version of the same idea: the trusted hardware in that
> case being a certain combination of keys which cannot be handled by
> applications. I very much dislike the idea of reserving key combinations
> though, and I think it was a _very_ bad idea from them to use a combination
> with an existing, very different, meaning.
Yes. However, there is a key that was specifically intended for this
purpose: SYSREQ.
shap
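The point Shapiro makes above, that in a properly structured capability system an instantiator gets no right to inspect what it instantiates and inspection requires the inspected process's consent, can be modelled in a few lines. The following is an added illustration written for this archive page; it is not code from the list thread, from EROS or Coyotos, or from any ConfirmPassword implementation. The `Kernel` reference monitor, the `self:`/`inspect:` capability strings and the `pwconfirm` process name are all constructed for the example.

```python
import secrets


class Denied(Exception):
    """Raised when a process lacks the capability for the requested operation."""


class Process:
    def __init__(self, name, caps):
        self.name = name
        self.caps = set(caps)   # capabilities this process holds (constructed strings)
        self.state = {}         # private state that only an inspector may read


class Kernel:
    """Toy reference monitor. Authority is a capability a process holds, never an
    ambient right derived from who created whom (principle of least authority)."""

    def __init__(self):
        self._procs = {}         # name -> Process
        self._self_caps = {}     # unforgeable self-capability -> Process
        self._inspect_caps = {}  # unforgeable inspect-capability -> target Process

    def create(self, name, caps):
        """Root-level creation. Returns the process and its self-capability."""
        proc = Process(name, caps)
        self._procs[name] = proc
        self_cap = "self:" + secrets.token_hex(8)
        self._self_caps[self_cap] = proc
        return proc, self_cap

    def instantiate(self, parent, name, caps):
        """Parent creates a child holding exactly `caps`, which need not be a subset
        of the parent's own. The parent gets back only a handle: the child's
        self-capability is delivered to the child, so no inspect right is implied."""
        child, self_cap = self.create(name, caps)
        child.caps.add(self_cap)
        return child

    def grant_inspect(self, self_cap, grantee):
        """Only a holder of a process's self-capability (i.e. the process itself)
        can mint an inspect capability for that process and hand it to `grantee`."""
        target = self._self_caps.get(self_cap)
        if target is None:
            raise Denied("not a valid self-capability")
        cap = "inspect:%s:%s" % (target.name, secrets.token_hex(8))
        self._inspect_caps[cap] = target
        grantee.caps.add(cap)
        return cap

    def inspect(self, requester, target_name):
        """Return a copy of the target's private state iff the requester holds an
        inspect capability minted for that target."""
        target = self._procs.get(target_name)
        if target is None:
            raise Denied("no such process: %s" % target_name)
        for cap in requester.caps:
            if self._inspect_caps.get(cap) is target:
                return dict(target.state)
        raise Denied("%s holds no inspect capability for %s" % (requester.name, target_name))


def demo():
    """Walk through the scenario from the thread: the instantiator creates a
    process holding a capability the instantiator lacks, cannot inspect it, and
    can only do so once the child consents."""
    k = Kernel()
    shell, _ = k.create("shell", {"console"})
    # constructed: the child receives "password_store", which the shell does not hold
    child = k.instantiate(shell, "pwconfirm", {"password_store"})
    child.state["attempts"] = 1

    try:
        k.inspect(shell, "pwconfirm")
        denied_at_first = False
    except Denied:
        denied_at_first = True

    # A forged self-capability must not mint an inspect right.
    try:
        k.grant_inspect("self:forged", shell)
        forgery_rejected = False
    except Denied:
        forgery_rejected = True

    # Code running *as the child* uses its own self-capability to consent.
    child_self = next(c for c in child.caps if c.startswith("self:"))
    k.grant_inspect(child_self, shell)
    return denied_at_first, forgery_rejected, k.inspect(shell, "pwconfirm")


if __name__ == "__main__":
    print(demo())
```

The enforcement here costs nothing extra at instantiation time, which matches the observation that least authority in this case does not require spending performance on an additional check: the parent simply never receives a capability it would have to be stopped from using.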