From: marcs <marcs@skyhunter.com>
Replying To: Jonathan S. Shapiro <shap@eros-os.org>
Date: Tue, 3 Dec 2002 15:35:42 -0700
Subject: Re: [e-lang] capability myths demolished!

On Sunday 01 December 2002 08:47 am, Jonathan S. Shapiro wrote:
> On Thu, 2002-11-28 at 12:47, marcs wrote:
> > A point I have started making since the advent of Palladium is that checking
> > in with the central HQ about the good standing of the author does not solve
> > all the problems...
> 
> Then please stop making this point in this way, as this has nothing
> whatsoever to do with Palladium. In the Palladium scheme, there is
> generally no per-transaction check with a central source and the
> originating authority does not make any certification whatsoever about
> the good standing of the target machine.
> 
> Your point is sound and worth making, but it has nothing to do with
> Palladium and it will become discredited as people figure that out.

While I immediately cede the point wrt the way I stated it above, it still 
seems to me that the overall point does have something to do with Palladium.  
If Palladium uses code-signing as the mechanism for establishing trust and 
allowing execution, but still lets the operating system grant gross excesses 
of authority once this primitive test has been passed, simple programming 
bugs in a Palladium universe will continue to present rich targets for 
cracker exploitation. Is this true, or is my understanding of Palladium even 
more wildly wrong than I had thought? I.e., its security stance is based on 
code signing, right?

--marcs