[E-Lang] Re: Old Security Myths Continue to Mislead
Karp, Alan
alan_karp@hp.com
Wed, 8 Aug 2001 20:15:16 -0700
> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:shap@eros-os.org]
> Sent: Monday, August 06, 2001 2:23 PM
> To: E Language Discussions
> Subject: Re: [E-Lang] Re: Old Security Myths Continue to Mislead
>
>
> > Even though all messages passed through the core, the core never looked at
> > the payloads. Hence, confinement a la Lampson was not enforced. Capability
> > confinement could have been enforced using a mechanism in the design that
> > we did not get a chance to implement.
>
> Examining the payloads is not required. The core must only validate that
> the sender holds a valid capability to the receiver. This is a common
> misunderstanding of confinement. Go back and look at Lampson again.
Yep. You're right.
We could indeed control which clients another one can send a message to, but
only through the visibility tests. So, it wasn't the capability to send a
message that we implemented; it was enforcing the negative capabilities in
your protection domain.
>
> Jonathan
_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-3
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
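The point Shapiro makes above, that a message core enforces confinement by checking the sender's capability list rather than by inspecting payloads, is small enough to show in code. The following is an added illustration written for this archive page; it is not code from either correspondent's system. It assumes a toy core that keeps a c-list per client, mints capabilities itself (so clients cannot forge them), mediates delegation, and copies payloads as opaque bytes. It models the positive, capability form of confinement that Shapiro describes, not the "negative capability" visibility tests Karp says his system implemented.

```python
"""Toy message core showing capability-based confinement (added example,
not code from any system discussed in the thread)."""
import secrets


class Capability:
    """Unforgeable designation of a receiver. Only Core.mint() creates
    instances the core will honour; a client-constructed one is rejected
    because it is never placed in any c-list."""

    def __init__(self, target_id: int, nonce: bytes):
        self.target_id = target_id
        self._nonce = nonce  # keeps each minted capability distinct

    def __repr__(self) -> str:
        return f"Capability(target={self.target_id})"


class Core:
    """Message router: it consults the sender's c-list, never the payload."""

    def __init__(self):
        self._inboxes: dict[int, list[tuple[int, bytes]]] = {}
        self._clists: dict[int, set[Capability]] = {}
        self._next_id = 0

    def register(self) -> int:
        """Create a client with an empty inbox and an empty c-list."""
        cid = self._next_id
        self._next_id += 1
        self._inboxes[cid] = []
        self._clists[cid] = set()
        return cid

    def mint(self, holder: int, target: int) -> Capability:
        """Mint a capability to `target` and put it in `holder`'s c-list.
        This is the only way a capability enters the system."""
        cap = Capability(target, secrets.token_bytes(16))
        self._clists[holder].add(cap)
        return cap

    def send(self, sender: int, cap: Capability, payload: bytes) -> bool:
        """Deliver `payload` iff `sender` holds `cap`. The check is by object
        identity against the sender's c-list, so forged capabilities and
        capabilities held only by someone else are both refused. The payload
        is copied as opaque bytes and never parsed."""
        if cap not in self._clists[sender]:
            return False
        self._inboxes[cap.target_id].append((sender, bytes(payload)))
        return True

    def delegate(self, giver: int, cap: Capability, receiver: int) -> bool:
        """Copy `cap` into `receiver`'s c-list iff `giver` holds it. Because
        transfer is mediated here, a confined client can acquire only the
        capabilities its parent chooses to pass on."""
        if cap not in self._clists[giver]:
            return False
        self._clists[receiver].add(cap)
        return True

    def inbox(self, cid: int) -> list[tuple[int, bytes]]:
        return list(self._inboxes[cid])


def confinement_demo() -> dict[str, bool]:
    """Parent creates a confined child whose only authority is a capability
    back to the parent; an unrelated 'outside' client is unreachable until
    the parent delegates. Returns a dict of named checks, all True."""
    core = Core()
    parent = core.register()
    outside = core.register()
    child = core.register()

    parent_to_outside = core.mint(parent, outside)
    child_to_parent = core.mint(child, parent)  # the child's sole capability

    r = {}
    r["child_reaches_parent"] = core.send(child, child_to_parent, b"hello")
    # No capability to `outside`: a forged one is not in the child's c-list,
    # and neither is the parent's own capability.
    forged = Capability(outside, b"\x00" * 16)
    r["forgery_rejected"] = not core.send(child, forged, b"leak")
    r["borrowed_cap_rejected"] = not core.send(child, parent_to_outside, b"leak")
    # Naming the outside client inside the payload changes nothing: the core
    # routes by capability and does not interpret the bytes.
    naming_outside = f"deliver to client {outside}".encode()
    r["payload_not_interpreted"] = (
        core.send(child, child_to_parent, naming_outside) and core.inbox(outside) == []
    )
    # The parent is the only path out, and decides whether to open it.
    r["parent_can_delegate"] = core.delegate(parent, parent_to_outside, child)
    r["child_reaches_outside_after_grant"] = core.send(child, parent_to_outside, b"allowed now")
    return r


if __name__ == "__main__":
    for name, ok in confinement_demo().items():
        print(f"{name}: {ok}")
```

The whole enforcement sits in the two `cap not in self._clists[...]` tests; nothing in `send` looks at `payload`. That is why examining message contents is unnecessary for confinement of this kind: every route a client can use, and every capability it can come to hold, passes through `mint` and `delegate`, both of which the core controls.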