[cap-talk] Reducing Ambient user authority in a Type Safe/Memory Safe OS.

David-Sarah Hopwood david-sarah at jacaranda.org
Thu Dec 17 12:26:21 PST 2009


I missed responding to an important question:

Ben Kloosterman wrote:
> I'm no expert and still learning but I can see how a file/Open and
> setup/configure trusted dialogs can grant privilege, but I don't see how you
> can do it without giving the user (Actor) carte blanche access to the
> machine, which in some cases is not desirable.

The file chooser powerbox only has to be trusted by the user; it's not
part of the system TCB. Since it is only granted access to the user's
namespace, it can only browse or delegate access to files and directories
accessible from that namespace.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com
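Added example, not from the thread and not the code of any particular OS: a minimal Python model of the pattern described in the reply above. DirectoryCap, FileCap, Powerbox and ConfinedApp are hypothetical names; the powerbox holds only the user's namespace capability and delegates a capability to the one chosen file, so a selection outside that namespace is refused and the application gains nothing beyond what the user could already reach.

```python
import os
import tempfile

class FileCap:
    """Capability to read exactly one file; the holder learns no wider namespace."""
    def __init__(self, path):
        self._path = path
    def read(self):
        with open(self._path) as f:
            return f.read()

class DirectoryCap:
    """Capability to one directory subtree (the user's namespace, in the thread's terms)."""
    def __init__(self, root):
        self._root = os.path.realpath(root)
    def open_file(self, relpath):
        # Resolve symlinks and '..' first, then refuse anything outside the subtree.
        target = os.path.realpath(os.path.join(self._root, relpath))
        if target != self._root and not target.startswith(self._root + os.sep):
            raise PermissionError(f"{relpath!r} escapes this capability's subtree")
        return FileCap(target)

class Powerbox:
    """Trusted only by the user, not part of the system TCB: delegates single-file caps."""
    def __init__(self, user_namespace):
        self._ns = user_namespace
    def choose(self, selection):
        # A real powerbox shows a file dialog; here the user's selection is a parameter.
        return self._ns.open_file(selection)

class ConfinedApp:
    """No ambient authority: it can only read files whose caps it was handed."""
    def __init__(self):
        self.granted = []
    def receive(self, cap):
        self.granted.append(cap)
    def read_all(self):
        return [cap.read() for cap in self.granted]

def demo():
    # Constructed layout: a user home plus a 'system' tree outside the user's namespace.
    with tempfile.TemporaryDirectory() as top:
        home, system = os.path.join(top, "home", "docs"), os.path.join(top, "system")
        os.makedirs(home); os.makedirs(system)
        with open(os.path.join(home, "notes.txt"), "w") as f: f.write("user notes")
        with open(os.path.join(system, "secret"), "w") as f: f.write("machine secret")
        powerbox, app = Powerbox(DirectoryCap(os.path.join(top, "home"))), ConfinedApp()
        app.receive(powerbox.choose("docs/notes.txt"))  # chosen inside the user's namespace
        try:
            powerbox.choose("../system/secret"); escaped = True  # outside it: refused
        except PermissionError:
            escaped = False
        return {"app_reads": app.read_all(), "escaped": escaped}
```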
