Scribit Bas Wijnen dies 23/05/2006 hora 20:53: > This capability also allows checking that these banks are opaque.
In all your scenario, you seem to omit something: without the constructor mechanism, no process can verify anything accurately about any other process, except if all of the parents of it are to be trusted. That is, except for a process spawned by the TCB, no capability can be trusted not to be faked or sniffed. And AFAIK, there is no mean for a process to check that it has been spawned by the TCB. But when a process is spawned by a constructor and given some capabilities to the TCB that the requestor cannot spy or alter, it is be given the ability to check properties of it's environment accurately. Am I wrong on anything here? Curiously, Nowhere man -- [EMAIL PROTECTED] OpenPGP 0xD9D50D8A
signature.asc
Description: Digital signature
_______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
