[cap-talk] Singletons Considered Harmful
kenton at google.com
Sun Apr 4 13:05:22 PDT 2010
On Tue, Mar 30, 2010 at 8:15 PM, David Wagner <daw at cs.berkeley.edu> wrote:
> Or better yet, make
> something like the following changes:
Thanks for the suggestions, I've applied them.
> Explanation: No realistic system I've ever seen prevents
> covert channels.
Maybe if you're talking about covert channels for communicating bits, which
are not as harmful as covert channels for communicating capabilities.
> For instance, in some cases there are ways to ensure that evil
> code cannot *listen* on a covert communication channel, but those
> methods do not help prevent evil code from *transmitting* on
> covert communication channel.
Well, assuming that it's possible to constrain those transmissions to within
a single machine, then all you have to do is prevent other evil code on the
same machine from listening, which seems feasible.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cap-talk