RE: L4-Hurd; denial of service in the memory architecture

From: Christopher Nelson
Subject: RE: L4-Hurd; denial of service in the memory architecture
Date: Mon, 19 Jan 2004 16:23:54 -0700

>On Mon, Jan 19, 2004 at 03:24:55PM -0700, Christopher Nelson wrote:
>> Yes, but if you are sharing a capability with an untrusted task, and
>> that task suddenly has the ability to impersonate you to someone else
>> in that it can allocate frames that count against your quota, then you
>> have permission leakage.
>Then don't share the capability.  It's that simple.
>> Certainly you would want that task to access THAT memory, but you
>> certainly would not want that task to be able to allocate more memory
>> against your quota.
>We will have a way to share memory securely with another task.
>I am not sure how exactly it is done at a syntactical level
>(i.e., which kind of cap is passed with which operations).
>Surely the semantics have (and largely are) defined in the Right Way.
>> Why does the capability to
>> read or write a container also permit expansion of the container?
>I am not even sure the details are set in stone at that level.
>Take this stuff with a grain of salt.  The design, in
>particular the design of the VM subsystem, is not exactly finished.

Ah hah.  Thank you for answering my noob questions.  I appreciate it.

