[cap-talk] Boebert's quote
Karp, Alan H
alan.karp at hp.com
Thu Jul 20 12:55:36 EDT 2006
Toby Murray wrote:
>
> I'm presuming here that Mark and Alan are interpreting the
> quote as meaning:
> '... the right to exercise access carries with it the right
> to propagate that access [to anyone]'
Yes for MarkM; no for me. Recall the problem setup. Low has permission
to write to High. High has the permission to read from Low. Low writes
bits that High reads to gain permission to write to Low. Nothing
here about needing to violate confinement.
>
> But I think it might be quite natural to also interpret it as
> '... the right to exercise access carries with it the right
> to [try to] propagate that access [to anyone to whom one
> possesses a capability]'
>
That's my view. Boebert's analysis applies to this case, too, but
that's not the problem. In DVH a process only holds an index into a
c-list. What exactly can a Low process write to High that will give a
High process a capability? That's what's required for Boebert's
analysis to hold. In fact, Boebert's attack succeeds only if a process
can write a capability as data. It doesn't matter whether or not
something in the system enforces the Granovetter property.
_________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
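
The distinction drawn in the message above, as an added example that is not part of the original post and not code from any DVH implementation: a toy model in which the same Low-to-High setup is run once with kernel-held c-lists (a process holds only an index) and once with capabilities that are plain data. The class names, segment names and the bearer-token contrast model are assumptions made for illustration.

```python
import secrets

class Denied(Exception):
    pass

class CListKernel:
    """DVH-style model: the kernel keeps the c-lists; a process holds only indexes."""
    def __init__(self):
        self.clists, self.segments = {}, {}   # proc -> [(segment, right)]; segment -> words
    def grant(self, proc, segment, right):
        self.clists.setdefault(proc, []).append((segment, right))
        return len(self.clists[proc]) - 1     # meaningful only in proc's own c-list
    def access(self, proc, index, right):
        clist = self.clists.get(proc, [])
        if not (isinstance(index, int) and 0 <= index < len(clist)
                and clist[index][1] == right):
            raise Denied(f"{proc}: c-list[{index!r}] is not a {right} capability")
        return self.segments.setdefault(clist[index][0], [])

class TokenKernel:
    """Contrast model (assumed): a capability is a bit string any holder may present."""
    def __init__(self):
        self.tokens, self.segments = {}, {}   # token -> (segment, right)
    def grant(self, proc, segment, right):    # proc is ignored: tokens are bearer data
        token = secrets.token_hex(8)
        self.tokens[token] = (segment, right)
        return token
    def access(self, proc, token, right):
        if self.tokens.get(token, (None, None))[1] != right:
            raise Denied(f"{proc}: presented value is not a {right} capability")
        return self.segments.setdefault(self.tokens[token][0], [])

def run_setup(kernel):
    """Setup from the message: Low may write up to High, then writes a capability 'as data'."""
    low_w_low = kernel.grant("Low", "low_seg", "write")
    low_w_high = kernel.grant("Low", "high_seg", "write")
    high_r_high = kernel.grant("High", "high_seg", "read")
    kernel.access("Low", low_w_high, "write").append(low_w_low)   # the bits Low writes
    leaked = kernel.access("High", high_r_high, "read")[0]        # the bits High reads
    try:
        kernel.access("High", leaked, "write").append("high data")
        return "High wrote to low_seg"
    except Denied:
        return "denied"

if __name__ == "__main__":
    print("c-list indexes:", run_setup(CListKernel()))
    print("bearer tokens: ", run_setup(TokenKernel()))
```

In the c-list model the value High reads is resolved against High's own c-list, where that slot is its read capability, so the write is refused; in the token model the same bits are the capability.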