Capabilities workshop, followup questions

Jon Tidswell jont at zip.com.au
Mon Jun 19 20:25:41 GMT 2000


< .. on fork() vs threads ... >

I think the argument Bart is making is that two threads sharing an address
space necessarily share a security context.

My "take" on per-thread security data in the kernel is as follows:

If the process is _trusted_ then we may trust the threads when they say
"I act on behalf of <x>", and per-thread security data is not needed in
the kernel.

If the process is not trusted, then it is not safe to assume that different
threads maintain separate security contexts, and per-thread security data
is not needed in the kernel.

- JonT

PS Of course Linux threads can end up sharing almost nothing; I don't know
whether the little that is always shared represents a security risk in
this context; of course if nothing is shared they look like processes again.

-- 
Jonathon E Tidswell                                          <jont at zip.com.au>
Geek on the loose.
Postgrad student, programmer, Internet aficionado, and would-be security guru.
Disclaimer: I think my thoughts are my own, and I believe my writings are too.
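
The untrusted-process case in the message above, as an added example that is not part of the original post or of any TrustedBSD code: a label held in one thread's thread-local storage is rewritten by a sibling thread with an ordinary store, because both run in one address space. It assumes POSIX threads on a system where thread-local storage is reachable through a pointer from other threads (the case on common systems such as Linux); `acting_for` and all function names are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>

/* Hypothetical user-space label: "I act on behalf of <x>", one copy per thread. */
static _Thread_local int acting_for = -1;

static int *label_of_a;   /* address of thread A's copy, published for the demo */
static int stage;         /* 0 = start, 1 = A has set its label, 2 = B has written */
static pthread_mutex_t mu = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t cv = PTHREAD_COND_INITIALIZER;

/* Optionally advance to stage `set`, then block until stage `want` is reached. */
static void sync_stage(int set, int want) {
    pthread_mutex_lock(&mu);
    if (set > stage) { stage = set; pthread_cond_broadcast(&cv); }
    while (stage < want) pthread_cond_wait(&cv, &mu);
    pthread_mutex_unlock(&mu);
}

/* Thread A claims to act for uid 1000, then re-reads its own label. */
static void *thread_a(void *out) {
    acting_for = 1000;
    label_of_a = &acting_for;
    sync_stage(1, 2);
    *(int *)out = acting_for;
    return NULL;
}

/* Thread B shares the address space: a plain store rewrites A's "private" label. */
static void *thread_b(void *unused) {
    (void)unused;
    sync_stage(0, 1);
    *label_of_a = 0;
    sync_stage(2, 2);
    return NULL;
}

/* Returns the label thread A observes after thread B has run. */
int label_seen_by_a(void) {
    pthread_t a, b;
    int seen = -1;
    stage = 0;
    pthread_create(&a, NULL, thread_a, &seen);
    pthread_create(&b, NULL, thread_b, NULL);
    pthread_join(a, NULL);
    pthread_join(b, NULL);
    return seen;
}

int main(void) { printf("thread A set 1000, now sees %d\n", label_seen_by_a()); return 0; }
```

Build with `cc -pthread`; thread A set its label to 1000 and reads back the value thread B stored.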