On Mon, 2005-10-31 at 13:29 +0200, Paavo Parkkinen wrote: > On Sun, 30.10.2005 at 16:55 -0500, Jonathan S. Shapiro wrote: > > There is a meta-level problem with self-paging. It is predicated on the > > assumption that one application should be informed about pressures > > resulting from the behavior of other applications. > > Why is this a problem?
Because any story about security begins with the goal that for any two process A and B, it should be possible to prevent communication from A to B. If B is asked to reduce its working set in response to an action by A, then communication has occurred. This is a surprisingly high bandwidth channel. We will not, of course, achieve the isolation goal perfectly in any real system, but it would be a grave error to architect in a feature that makes any meaningful separation impossible from the beginning. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
