[EROS-Arch] The Environment Problem
Jonathan S. Shapiro
shap@eros-os.org
Mon, 24 Sep 2001 20:54:05 -0400
A separate, hopefully simpler question is prompted by Bill's note.
Let us imagine that there is a namespace of ready-to-use constructors, all
of which produce yields that are discreet (i.e. we can trust them not to
disclose information). Such a namespace is certainly needed for dynamic
binding. Regrettably, the leaves of the space are capabilities, so this
issue is not really covered by a sensory node tree.
In any case, assume that we can wave our hands and reliably create such a
namespace. Given that the namespace exists, how should an object obtain it?
>From the constructor? From the requestor (creator) who cause the object's
creation?
My concern is that I can imagine various security flaws that might come
about if the requestor (creator) is in a position to alter this namespace --
even if the components in the namespace continue to be discreet.
Jonathan