DragonFly kernel List (threaded) for 2003-07
Re: dynamic /bin /sbin
Robert Watson wrote:
> In a system oriented more around light-weight IPC, isolating those
> components makes a lot of sense to me. However, one of the big problems I
> keep bumping into in OS X, from a security perspective, is a lack of a
> trustworthy IPC namespace -- this will likely keep biting them in various
> forms. Given the discussion here of improving the IPC infrastructure for
> a more message-passing oriented system, I hope the benefits of a
> hierarchal and security-aware IPC namespace won't be lost. :-)

Ah yes, using native dragonfly syscall style messages to implement
IPC via LWKT messages gives us a place to at least start dealing
with the security aspects of these things. I don't want to have to
start packaging cryptographic tokens with ALL messages to identify
the owners: you should just be able to ask the OS "who owns this VM
object I was just handed? Should I be writing SECRETSTUFF into it?".