At Wed, 13 Jul 2005 18:17:31 +0200,
[EMAIL PROTECTED] (Ludovic Courtès) wrote:
> Marcus Brinkmann <[EMAIL PROTECTED]> writes:
> Only in some cases do processes need to have "absolute authenticity"
> proofs, that is, authenticity wrt. what the machine's administrator
> intends to do.  For instance, `passwd' needs to make sure the data it is
> accessing is the one _it_ created earlier. 

Ah, nice observation.  But even that is relativ of course: What if I
run a sub-hurd under my own user ID: With my own authentication
server, root filesystem etc?  Then of course the enclosed passwd wants
to use the passwd file from _that_ root filesystem...

> (I guess persistence comes
> in handy here because such sensitive programs do not need to expose
> their state publicly and need not rely on an authentic file server.)

Yeah, persistency seems to be help a lot here.

> It looks like I'm just repeating the same things over, but it really
> helps me understand the issue.  ;-)

Nah, we are still fine tuning it :)

Marcus



_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd

Reply via email to