meaning of 'no change limits'
Jonathan S. Shapiro
shap@eros.cis.upenn.edu
Sun, 10 Aug 1997 21:47:19 -0400

> no raise sounds smarter to me; I guess I don't mind if someone
> frees stuff when managing resources - it's grabbing more that makes my
> allocations difficult, right?

On the face of it I agree with you. There is a secondary question,
however, concerning whether allowing a program to reduce its space
bank limits might permit it to communicate information.

To the KeyKOS folks: I seem to remember Norm telling me that the
query limits operation was deemed a security hole by NCSC. Is this
because it allowed a domain to find out what its instantaneously
available space was?

In thinking about it, Jonathan Adams and I were able to come up with a
rich variety of attacks if I have the ability to see the space
actually available to be allocated by me in the event that this is
lower than my imposed limit.

If, however, the answer given is (limit - allocated) without regard to
the amount of available system storage, I don't see where the leak is.

I'd note as an aside that any leak that exists here can be exploited
by aggressive allocation; telling me what the allocation limits are
increases the bandwidth of the channel, but the essential source of it
appears to be the hierarchical character of the banks.

Advice?
shap
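
A toy model of the two query semantics discussed in the message above, added here as an illustration; it is not EROS or KeyKOS code and not part of the original post. The Bank class, its method names and the page counts are assumptions made for the example. It shows that a (limit - allocated) answer is unaffected by a sibling bank's activity, that an answer bounded by the parent's remaining space is not, and that allocating until failure recovers the same value either way.

```python
class Bank:
    """Hypothetical space bank: a limit, pages charged to it, and a parent."""
    def __init__(self, limit, parent=None):
        self.limit = limit
        self.allocated = 0          # pages charged to this bank and its sub-banks
        self.parent = parent

    def headroom(self):
        # (limit - allocated): depends only on this bank's own subtree.
        return self.limit - self.allocated

    def available(self):
        # Space that could really be allocated now: bounded by every ancestor.
        room = self.headroom()
        if self.parent is not None:
            room = min(room, self.parent.available())
        return room

    def allocate(self, pages):
        if pages > self.available():
            return False
        bank = self
        while bank is not None:     # charge the whole chain of ancestors
            bank.allocated += pages
            bank = bank.parent
        return True

    def free(self, pages):
        bank = self
        while bank is not None:
            bank.allocated -= pages
            bank = bank.parent

def siblings():
    root = Bank(100)                # constructed sizes, in pages
    return Bank(80, root), Bank(80, root)

def observe(query):
    """What sub-bank b is told before and after sibling a allocates 60 pages."""
    a, b = siblings()
    before = query(b)
    a.allocate(60)
    return before, query(b)

def probe_by_allocation():
    """No query at all: b allocates page by page until refused, then frees."""
    a, b = siblings()
    a.allocate(60)
    got = 0
    while b.allocate(1):
        got += 1
    b.free(got)
    return got
```
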