[cap-talk] Reinterpreting POLA - "Authority Must Not Exceed Trust"
ihab.awad at gmail.com
Mon Sep 17 22:47:35 EDT 2007
On 9/17/07, David Hopwood <david.hopwood at industrial-designers.co.uk> wrote:
> ... the criterion for whitelisting something should
> be "I have some reason to believe that this component is secure with
> these permissions", *not* just "I've never had a security problem with
> this component".
Interesting. Hence, granted capabilities would, most conservatively,
be the intersection of the whitelisted ones and the ones granted by
the user? Makes sense.
Ihab
--
Ihab A.B. Awad, Palo Alto, CA