[cap-talk] Re: "capabilities" as data vs. as descriptors
-OS security discussion, restricted access processes, etc.
Valerio Bellizzomi
devbox at selnet.org
Fri May 7 11:15:39 EDT 2004
On 06/05/2004, at 12.23, Jed Donnelley wrote:
>>First, the notion of a single TCB is flawed. MarkM and I have long since
>>stopped using this term in this way. There does exist in any given
>>system a "universal TCB" (the set of stuff on which all programs
>>depend), but this TCB is rarely the one we care about.
>
>Agreed. I was interpreting the term relatively. That is, from the point
>of me as a process my code is my "TCB".
>
>>TCB is something that should be defined from an application perspective.
>>It consists of the set of stuff on which that application depends.
>
>Sounds like the above?
Other dependencies must also be taken into account, such as the libraries that
come with the system or from third parties. Especially if the software is
not statically linked, it may depend on some library that could be replaced
by an attacker. Modular software can load libraries on the fly...
val
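As an added illustration of the point above (this is not code from the thread or from any project the list discusses), the script below walks a program's shared-library dependencies the way a loader's path search does and reports which of them an unprivileged user could shadow (drop a same-named file into an earlier search directory) or replace (unlink and rewrite the resolved file). The file-system snapshot, the search path, the library names and the attacker uid are all constructed for the example; real hosts would be audited by feeding in `stat()` results and the program's actual DT_NEEDED entries and RPATH/LD_LIBRARY_PATH order.

```python
"""
Audit which dynamically linked libraries an unprivileged user could swap.
Added example for the cap-talk discussion; the file-system layout below is
constructed, not taken from a real system.
"""
import stat

# Constructed snapshot: path -> (is_dir, owner uid, group gid, mode bits).
# Models a world-writable plugin directory and a sticky /tmp-style directory
# that both appear before the system library directory in the search path.
FS = {
    "/usr/lib":                   (True,  0,    0,    0o755),
    "/usr/lib/libc.so.6":         (False, 0,    0,    0o644),
    "/usr/lib/libssl.so.1":       (False, 0,    0,    0o644),
    "/opt/app/plugins":           (True,  1000, 1000, 0o777),
    "/opt/app/plugins/libfoo.so": (False, 1000, 1000, 0o644),
    "/tmp":                       (True,  0,    0,    0o1777),
    "/tmp/libbar.so":             (False, 0,    0,    0o644),
}

# Hypothetical program: its needed libraries and an (unwise) search order.
NEEDED = ["libc.so.6", "libssl.so.1", "libfoo.so", "libbar.so"]
SEARCH_PATH = ["/tmp", "/opt/app/plugins", "/usr/lib"]


def writable_by(entry, uid, gids):
    """Can `uid` (with supplementary groups `gids`) write this inode?
    Root is deliberately not modelled; it can write anything."""
    is_dir, owner, group, mode = entry
    if uid == owner:
        w, x = stat.S_IWUSR, stat.S_IXUSR
    elif group in gids:
        w, x = stat.S_IWGRP, stat.S_IXGRP
    else:
        w, x = stat.S_IWOTH, stat.S_IXOTH
    if is_dir:  # creating or unlinking a name needs write AND search permission
        return bool(mode & w) and bool(mode & x)
    return bool(mode & w)


def can_replace_in(dirpath, existing, uid, gids, fs=FS):
    """Could `uid` unlink or rename over `existing`, which lives in dirpath?"""
    d = fs[dirpath]
    if not writable_by(d, uid, gids):
        return False
    sticky = bool(d[3] & stat.S_ISVTX)
    if sticky and existing[1] != uid and d[1] != uid:
        return False  # sticky dir: only the file's or dir's owner may remove it
    return True


def resolve(name, search_path, fs=FS):
    """First regular file named `name` in search order, as a loader picks it."""
    for d in search_path:
        p = f"{d.rstrip('/')}/{name}"
        if p in fs and not fs[p][0]:
            return p
    return None


def audit(needed, search_path, uid, gids=frozenset(), fs=FS):
    """Return {lib: (resolved_path, [findings])} for an attacker with uid/gids."""
    report = {}
    for name in needed:
        findings = []
        found = resolve(name, search_path, fs)
        if found is None:
            findings.append("unresolved")
        for d in search_path:
            candidate = f"{d.rstrip('/')}/{name}"
            if candidate == found:
                entry = fs[found]
                if writable_by(entry, uid, gids):
                    findings.append(f"file writable: {found}")
                elif can_replace_in(d, entry, uid, gids, fs):
                    findings.append(f"replaceable in dir: {d}")
                break
            # Earlier directory with no such file: attacker can drop one in
            # and the loader will take it before the real library.
            if d in fs and writable_by(fs[d], uid, gids):
                findings.append(f"shadowable via {d}")
        report[name] = (found, findings)
    return report


if __name__ == "__main__":
    for lib, (path, findings) in audit(NEEDED, SEARCH_PATH, uid=1001).items():
        print(f"{lib:12} -> {path}: {findings or ['ok']}")
```

The sticky /tmp entry shows the caveat the model has to carry: a root-owned `libbar.so` already sitting in /tmp cannot be unlinked by the attacker, so it is reported clean, while any library that is only found later in the search path can still be shadowed by a fresh file in /tmp. Restricting the search path to root-owned, non-writable directories (here just `/usr/lib`) removes every finding except genuinely unresolved libraries.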