[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On trusting its parent process

From: Lee Braiden
Subject: Re: On trusting its parent process
Date: Wed, 13 Jul 2005 10:59:55 +0100
User-agent: KMail/1.8

On Tuesday 12 Jul 2005 14:05, Ludovic Courtès wrote:
> In the Hurd, processes get capabilities to the root filesystem, to
> `auth' and friends from their parent process.  This is very convenient
> because it allows to run processes in a "sandbox".  OTOH, this makes it
> impossible for a process to make sure it is talking to "authentic"
> servers, as in the Plan 9 case above.
> Now, what does "authentic" mean in a system designed in such a way that
> most system services can be replaced by the user?  Should programs be
> allowed to rely on a specific implementation of a given service?

I'm just a lurker, not very familiar with HURD.  But on Amigas, the kernel 
functions were overridden using as library call, setpatch() if I recall 
correctly, which installed a new function address for that call.  Presumably, 
LD_PRELOAD works similarly.

If it's this library overriding that's the problem, is it not possible to just 
say that some library calls are "final", and cannot be overridden?  And 
wouldn't such a library call be able to authenticate any services that must 
be final, too?

Lee Braiden

Attachment: pgpNzMP016pF_.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]