DragonFly BSD
DragonFly kernel List (threaded) for 2003-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: dynamic /bin /sbin


From: Peter da Silva <peter-dragonfly@xxxxxxxxxxx>
Date: Fri, 25 Jul 2003 16:57:14 -0500

Robert Watson wrote:
In a system oriented more around light-weight IPC, isolating those
components makes a lot of sense to me.  However, one of the big problems I
keep bumping into in OS X, from a security perspective, is a lack of a
trustworthy IPC namespace -- this will likely keep biting them in various
forms.  Given the discussion here of improving the IPC infrastructure for
a more message-passing oriented system, I hope the benefits of a
hierarchal and security-aware IPC namespace won't be lost.  :-)

Ah yes, using native dragonfly syscall style messages to implement IPC via LWKT messages gives us a place to at least start dealing with the security aspects of these things. I don't want to have to start packaging cryptographic tokens with ALL messages to identify the owners: you should just be able to ask the OS "who owns this VM object I was just handed? Shouls I be writing SECRETSTUFF into it?".




[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]