Re: Part 2: System Structure

[Bas Wijnen]

On Wed, May 24, 2006 at 07:02:30PM +0200, Tom Bachmann wrote:
> Pierre THIERRY wrote:
> > If it is from your parent, you cannot trust it.
> > 
> 
> > Because the existance of a child process is completely defined by its
> > parent, its understanding of what is secure, what its needs are, what
> > is "external" to itself and what is internal, etc, is completely
> > defined by the parent as well.
> 
> (from marcus initial mail on this subject)

While this is certainly relevant, it doesn't quite answer his problem.  Marcus
was speaking about trivial confinement here, which means the parent is the
process providing both the code and the space bank.  In this case the space
bank is provided by a third party, and the one providing it is (confusingly,
IMO) called the parent (so the parent does *not* provide the code).

It can still be trusted though, because it is the user session, which is part
of the TCB.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

signature.asc
Description: Digital signature