On Wed, 2006-06-14 at 12:59 +0200, Marcus Brinkmann wrote: > I don't think that you solve these issues in your system design > either. The emacs program would require the cummulative authorities > that you have to provide to the programs you start from its shell.
At least in EROS, this is not the case. The user can provide emacs with a directory of constructors. Each constructor contains the authority that will be used by that child program, which may include authority that emacs does not have. Emacs has the authority to instantiate these programs, but not to acquire their authority. Note, however, that EMACS is the (direct) source of storage for these programs. If emacs can inspect the content of any storage that it provides, then it can fetch their authorities. If this is possible, then sub-programs cannot be protected from malicious emacs-lisp code. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
