On Wed, 2005-10-26 at 13:04 +0200, Alfred M. Szmidt wrote:
>    I would agree with that, but for me this is mostly about security.
>    It would be nice to be able to run potentially hostile
>    applications, but it takes a lot of trouble, and then still you're
>    not sure if it's ok.
>
> It takes very little trouble, you can do this with the Hurd right now,
> sub-hurds.
I am not sure exactly what is included in a sub-hurd, but I infer that it is a more comprehensive extension of a chroot-jail.

Observation: Security that relies on explicit user action in order to achieve protection comes too late. By the time you realize you need it, you are already compromised. Secure behavior must be the default.

Implication: If the sub-hurd is going to be the basic mechanism of security, then EVERY new execution of every application should be performed in a freshly instantiated sub-hurd.

So: how does the latency of forming a sub-hurd compare to the latency of fork()?

shap

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
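The latency question at the end of that message can be answered empirically on any system with a chroot-jail-like facility. The following is an added microbenchmark, not code from the thread or from the Hurd: it uses Linux as a stand-in, since a sub-hurd is not available here, and treats "freshly instantiated jail" as a fork() whose child first unshares into new user, mount and PID namespaces and then chroots into an empty directory, which is the closest cheap analogue of "a more comprehensive extension of a chroot-jail". It reports the mean cost of a plain fork()+exit+wait round trip next to the mean cost of the jailed launch. All function names (fork_latency_ns, jailed_launch_latency_ns, time_launches) and the /tmp/jail.XXXXXX directory template are this example's own choices. Namespace creation is often refused inside containers (seccomp or a chrooted parent), so the jailed measurement returns -1 rather than a misleading number in that case.

```c
/* Added example: per-launch cost of fork() versus fork() + fresh jail.
 * Linux stand-in for the "fresh sub-hurd per exec" question; the jail is
 * new user/mount/PID namespaces plus a chroot into an empty directory.
 * Build: cc -O2 -o launchcost launchcost.c */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/wait.h>

/* Fallbacks in case the feature macro was not in effect when <sched.h>
 * was first read; the values are the kernel's (linux/sched.h). */
#ifndef CLONE_NEWNS
#define CLONE_NEWNS   0x00020000
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWPID
#define CLONE_NEWPID  0x20000000
#endif
int unshare(int flags);

static long long elapsed_ns(const struct timespec *t0)
{
    struct timespec t1;
    clock_gettime(CLOCK_MONOTONIC, &t1);
    return (t1.tv_sec - t0->tv_sec) * 1000000000LL + (t1.tv_nsec - t0->tv_nsec);
}

/* Run `iterations` fork/wait round trips. The child runs in_child(arg) and
 * exits with its return value. Returns mean ns per round trip, or -1 if
 * fork/wait failed or any child reported failure (non-zero exit status). */
static long long time_launches(int iterations, int (*in_child)(void *), void *arg)
{
    struct timespec t0;
    if (iterations <= 0) return -1;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (int i = 0; i < iterations; i++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) _exit(in_child(arg));
        int status;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    }
    return elapsed_ns(&t0) / iterations;
}

/* Baseline child: do nothing, exit 0. */
static int child_plain(void *arg) { (void)arg; return 0; }

/* Jailed child: fresh namespaces, then chroot into the empty directory the
 * parent prepared. Exit 2 = namespaces refused (typical under container
 * seccomp or when the parent is already chrooted), 3 = chroot refused. */
static int child_jailed(void *arg)
{
    const char *jail_dir = arg;
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID) != 0) return 2;
    if (chroot(jail_dir) != 0 || chdir("/") != 0) return 3;
    return 0;
}

/* Mean ns for fork() + immediate _exit() + waitpid(); -1 on failure. */
long long fork_latency_ns(int iterations)
{
    return time_launches(iterations, child_plain, NULL);
}

/* Mean ns for fork() + new namespaces + chroot + exit + waitpid().
 * Returns -1 when the environment does not permit it, so a caller can
 * tell "denied" apart from a measurement. */
long long jailed_launch_latency_ns(int iterations)
{
    char tmpl[] = "/tmp/jail.XXXXXX";   /* example's own template */
    char *jail_dir = mkdtemp(tmpl);
    if (jail_dir == NULL) return -1;
    long long ns = time_launches(iterations, child_jailed, jail_dir);
    rmdir(jail_dir);                     /* child never created anything in it */
    return ns;
}

int main(void)
{
    const int n = 200;
    long long plain = fork_latency_ns(n);
    long long jailed = jailed_launch_latency_ns(n);
    printf("fork()+wait:           %lld ns per launch\n", plain);
    if (jailed < 0)
        printf("fresh jail per launch: not permitted here (unshare/chroot refused)\n");
    else
        printf("fresh jail per launch: %lld ns (%.1fx the plain fork)\n",
               jailed, (double)jailed / (double)plain);
    return 0;
}
```

The ratio is the number that matters for the "every exec in a fresh jail" policy: the mount namespace copy is the part that grows with the size of the mount table, so run it on a machine with a realistic set of mounts rather than a minimal container, and expect the denied case on most CI runners.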
