On Mon, 2006-05-01 at 17:15 +0200, Pierre THIERRY wrote:
> Bas Wijnen wrote on 01/05/2006 at 11:30:
> > In order to guarantee confinement (and encapsulation, as you define it
> > below),
> > A. The instantiator must know that there is no unauthorized outward
> >    communication. Unauthorized by the instantiator, that is.
> > B. The parent must know that information cannot be extracted from the
> >    program without the parent's consent.
> >
> > Now the question is: are these requirements fulfilled for the case of
> > "trivial confinement"? Indeed they are, because in that case the parent
> > and the instantiator are the same process, which leads to an implicit
> > trust of each other.
>
> But trivial confinement adds an additional, perhaps unwanted,
> requirement:
>
> C. The child cannot have any capability that the parent couldn't gain
>    access to.

I think that this is correct, but it would be more precise to say: "the child cannot have any *initial* capability that the parent couldn't gain access to." Subsequent interaction may lead to the process acquiring more capabilities.

shap
