On Fri, 2007-01-12 at 15:41 +0100, Tom Bachmann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jonathan S. Shapiro wrote:
> > Translucent storage does not undermine confinement at all, so your
> > supposition is mistaken.
>
> But there is no constructor needed to confine a program.

Why do you believe this?

> As I understand it, the constructor serves as a trusted "mediator", that
> allows one to check the confinedness without constructing the process (in
> non-translucent designs), that is, to run a program that is untrusted
> without risking leakage, and without inspecting it.

In EROS/Coyotos, this is true. Actually, it is a certifier, not a mediator (the constructor does not remain in the loop after creation).

However: you ignored the other thing I said. Simply having a common place to encapsulate these algorithms is a sufficient reason to have a constructor.

-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
