[cap-talk] Concerning entry "ambient authority" in Wikipedia

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Wed Jun 10 14:15:38 EDT 2009


Mark Miller wrote:
> The crucial concept left out of these earlier expressions is "Loader
> Isolation", explained in Section 10.3 of my thesis. My apologies again for
> how badly Chapter 10 is written. I hope someone will someday attempt a more
> coherent restatement.

OTOH, playing devil's advocate here, I don't think the line that separates
safe from unsafe operations is completely clear.  There seems to be near
universal consensus (including me) that side-effect-free calculation is
generally safe.  But there is at least one cautionary tale from the real
world, where additional restrictions are desirable, namely packet filtering in
a network stack, where we need to solve the halting problem (and more) on
user-supplied code (so we can't allow use of the complete CPU instruction set).
Of course, there are other tools we have at our disposal besides capability
theory to solve this particular issue.

Thanks,
Marcus
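The packet-filter case above is usually handled not by deciding the halting problem but by restricting the filter language so that termination is trivially checkable before the program is ever run. The following is an added example, not code from the thread or from any real filter implementation: a constructed toy bytecode (loosely in the spirit of classic BPF, but the opcodes, encoding and limits here are assumptions) with a static verifier that admits only whitelisted instructions, bounds memory reads, and permits forward jumps only, so every accepted program terminates in at most one step per instruction.

```python
"""
Added example (not from the cap-talk thread): a static verifier for a
constructed packet-filter bytecode. User-supplied filter programs are run
only if they use a whitelisted instruction set, read within a fixed packet
window, and contain no backward jumps. Those three rules make termination
decidable by inspection, so no halting-problem reasoning is needed at run time.
"""
from dataclasses import dataclass
from typing import List

# Constructed instruction set (assumption, modelled loosely on classic BPF).
#   LD  a     : load packet byte at offset a into the accumulator (0 if absent)
#   JEQ a, b  : if accumulator == a, skip forward b instructions
#   JMP a     : skip forward a instructions unconditionally
#   RET a     : return verdict a (1 = accept, 0 = drop)
ALLOWED = {"LD", "JEQ", "JMP", "RET"}
MAX_PACKET = 64      # constructed: a filter may only inspect the first 64 bytes
ACCEPT, DROP = 1, 0


@dataclass(frozen=True)
class Insn:
    op: str
    a: int = 0   # LD offset / JEQ immediate / JMP offset / RET verdict
    b: int = 0   # JEQ forward offset (relative to the next instruction)


class VerifyError(ValueError):
    pass


def verify(prog: List[Insn]) -> None:
    """Reject programs that could loop, read out of bounds, or fall off the end."""
    n = len(prog)
    if n == 0:
        raise VerifyError("empty program")
    for pc, insn in enumerate(prog):
        if insn.op not in ALLOWED:
            raise VerifyError(f"pc {pc}: opcode {insn.op!r} not permitted")
        if insn.op == "LD" and not (0 <= insn.a < MAX_PACKET):
            raise VerifyError(f"pc {pc}: load offset {insn.a} out of bounds")
        # Jumps are forward-only and must land inside the program; a program
        # with only forward jumps visits each pc at most once, so it halts.
        off = insn.a if insn.op == "JMP" else insn.b if insn.op == "JEQ" else None
        if off is not None:
            target = pc + 1 + off
            if off < 0 or target >= n:
                raise VerifyError(f"pc {pc}: jump target {target} not forward/in range")
    # Straight-line fall-through must end in an explicit verdict.
    if prog[-1].op != "RET":
        raise VerifyError("program must end with RET")


def is_valid(prog: List[Insn]) -> bool:
    try:
        verify(prog)
        return True
    except VerifyError:
        return False


def run(prog: List[Insn], packet: bytes) -> int:
    """Verify, then execute. The step bound is an invariant verify() guarantees."""
    verify(prog)
    acc, pc, steps = 0, 0, 0
    while True:
        steps += 1
        assert steps <= len(prog), "verifier invariant violated"
        insn = prog[pc]
        if insn.op == "LD":
            acc = packet[insn.a] if insn.a < len(packet) else 0
            pc += 1
        elif insn.op == "JEQ":
            pc += 1 + (insn.b if acc == insn.a else 0)
        elif insn.op == "JMP":
            pc += 1 + insn.a
        else:  # RET
            return insn.a


# Constructed filter: accept when byte 0 == 0x45 (IPv4 version/IHL), else drop.
FILTER_IPV4 = [
    Insn("LD", 0),
    Insn("JEQ", 0x45, 1),   # match: skip the DROP below
    Insn("RET", DROP),
    Insn("RET", ACCEPT),
]

# Constructed program the verifier must reject: a backward jump forms a loop.
LOOPING = [
    Insn("LD", 0),
    Insn("JMP", -2),
    Insn("RET", ACCEPT),
]


def classify(prog: List[Insn], packet: bytes) -> str:
    try:
        return "accept" if run(prog, packet) == ACCEPT else "drop"
    except VerifyError as e:
        return f"rejected: {e}"


if __name__ == "__main__":
    print(classify(FILTER_IPV4, bytes([0x45, 0x00])))  # accept
    print(classify(FILTER_IPV4, bytes([0x60, 0x00])))  # drop
    print(classify(LOOPING, bytes([0x45])))            # rejected: ...
```

The point of the example is that the restriction is enforced on the program text, before any packet is seen; the interpreter's step assertion only documents what the verifier has already established. Real filter engines add further rules (register typing, pointer-range tracking) on top of the same idea.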

