DragonFly kernel List (threaded) for 2003-07
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: dynamic /bin /sbin

From:	Peter da Silva <peter-dragonfly@xxxxxxxxxxx>
Date:	Fri, 25 Jul 2003 16:57:14 -0500

Robert Watson wrote:

In a system oriented more around light-weight IPC, isolating those
components makes a lot of sense to me.  However, one of the big problems I
keep bumping into in OS X, from a security perspective, is a lack of a
trustworthy IPC namespace -- this will likely keep biting them in various
forms.  Given the discussion here of improving the IPC infrastructure for
a more message-passing oriented system, I hope the benefits of a
hierarchal and security-aware IPC namespace won't be lost.  :-)


Ah yes, using native dragonfly syscall style messages to implement
IPC via LWKT messages gives us a place to at least start dealing
with the security aspects of these things. I don't want to have to
start packaging cryptographic tokens with ALL messages to identify
the owners: you should just be able to ask the OS "who owns this VM
object I was just handed? Shouls I be writing SECRETSTUFF into it?".

Follow-Ups:
- Re: dynamic /bin /sbin
  - From: Robert Watson

References:
- Re: dynamic /bin /sbin
  - From: Robert Watson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]