[cap-talk] Another "core" principle
Bill Frantz
frantz at pwpconsult.com
Wed Dec 20 17:19:41 CST 2006
shap at eros-os.com (Jonathan S. Shapiro) on Sunday, December 17, 2006 wrote:
>I'm not sure my concern is valid, but I'm concerned about the membrane
>pattern. If the consequence of causally dependent capabilities (which is
>what membranes build) is that nobody ever dares to revoke a membrane,
>then there is absolutely no point introducing the membranes in the first
>place.
The same issue applies to zapping space banks and the disk format
command. There is no way to undo their destructive effects.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"We used to quip that "password" is the most common
408-356-8506 | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier
More information about the cap-talk
mailing list