"Jonathan S. Shapiro" <[EMAIL PROTECTED]> writes: > On Mon, 2005-10-10 at 15:06 +0200, Alfred M. Szmidt wrote: > >> > Extensibility is not a synonym of vulnerability. >> >> Of COURSE it is! >> >> Actually, it isn't. Me extentions to vulnerable program A do not >> affect you. > > Counterexamples: > [...]
I think that you are both right. When Alfred is talking about Extensibility is not a synonym of vulnerability, he is talking about the ability for a user to run its own set of servers, and use them instead of the standard ones. It has several security bonuses: -The trusted computing base is reduced, -Confinement is made possible The examples you gave are more about some kind of extensibility which would allow more interactions with the system/other users, and thus may compromise the system. Thus we want extensibility, but which would impact only the user making use of the extensions. We want secure extensibility :) _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
