l4-hurd

Re: Design principles and ethics


From: Bas Wijnen
Subject: Re: Design principles and ethics
Date: Tue, 2 May 2006 01:09:48 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Mon, May 01, 2006 at 04:51:25PM -0600, Christopher Nelson wrote:
> > In the case of trivial confinement, the child implicitly agrees for the
> > parent to debug it, because it allows to be started by it.  Let me put it
> > differently: The child's opinion about this is irrelevant, because the
> > child isn't a party in the operation of starting a confined process.  The
> > parties which are involved are the parent, which is the process starting
> > the child, and the instantiator, which is the process requesting the
> > startup.
> 
> If the child doesn't *want* to be started by any given parent, that's
> just tough luck?  What you are saying, then, is that *any* program can
> be run by *any* other program, and the program which is spawned has no
> control over anything?

Yes.  If my program gets access to a piece of code, then it can run that piece
of code as a new process.  The piece of code doesn't have a say in that.

Note that the piece of code also doesn't have any capabilities.  When I start
it, I must provide all of it.  And it cannot gain any rights from anyone that
I couldn't have gained by directly talking to that process, without the
instantiation at all.

> > If it doesn't, it must refuse to run at all.
> 
> How does the child have any guarantees about anything?  In other words,
> how can it refuse to run?

It can't.  The thing is that if the child (which before instantiation is just
a bunch of numbers) should have a say in this, then it must somehow be able to
decide to "refuse" something.  I meant to indicate that this is impossible.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

Attachment: signature.asc
Description: Digital signature
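
The point made in the message above (a new process starts with no capabilities, receives only what its parent provides, and can gain nothing the parent could not have reached itself) shown as a toy model. This is an added illustration, not code from the thread or from Hurd/L4; `Process`, `spawn` and `reachable` are hypothetical names, and the model assumes the worst case in which every process hands over everything it holds when asked.

```python
# Added illustration: a toy capability model, not Hurd or L4 code.
from dataclasses import dataclass, field

@dataclass(eq=False)  # identity-based hashing: a capability names one specific object
class Process:
    name: str
    caps: set = field(default_factory=set)  # capabilities (references) held

def spawn(parent, name, image, grant):
    """Start `image` as a new process holding exactly the capabilities in `grant`."""
    if not set(grant) <= parent.caps:
        raise PermissionError("parent cannot grant a capability it does not hold")
    # `image` is inert bytes before instantiation; nothing in it is consulted
    # here, so it has no way to refuse being started.
    return Process(name, set(grant))

def reachable(proc):
    """Worst-case authority: all objects obtainable by talking to held capabilities."""
    seen, todo = set(), list(proc.caps)
    while todo:
        target = todo.pop()
        if target not in seen:
            seen.add(target)
            todo.extend(target.caps)
    return seen

def demo():
    # Constructed sample system: fs holds a capability to log; net is separate.
    log, net = Process("log"), Process("net")
    fs = Process("fs", {log})
    parent = Process("parent", {fs, net})
    child = spawn(parent, "child", b"\x01\x02\x03", grant={fs})
    names = lambda procs: sorted(p.name for p in procs)
    try:
        spawn(child, "grandchild", b"", grant={net})  # child never received net
        escalated = True
    except PermissionError:
        escalated = False
    return names(reachable(parent)), names(reachable(child)), escalated

if __name__ == "__main__":
    print(demo())
```
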

