[E-Lang] Re: Old Security Myths Continue to Mislead

Jonathan S. Shapiro shap@eros-os.org
Mon, 6 Aug 2001 17:22:59 -0400


> Even though all messages passed through the core, the core never looked at
> the payloads.  Hence, confinement ala Lampson was not enforced.
Capability
> confinement could have been enforced using a mechanism in the design that
we
> did not get a chance to implement.

Examining the payloads is not required. The core must only validate that the
sender holds a valid capability to the receiver. This is a common
misunderstanding of confinement. Go back and look at Lampson again.

Jonathan