Thanks. It would be good to put a list of required services in the readme for each program.
Hello Ben,
> It seems that with the init config files generated by the run scripts,
> if any server/driver is compromised, it can take over the system, by
> requesting access to important services, such as those in the
> <parent-provides> section. It seems that to make init's config secure,
> one would have to explicitly name every service needed by a server and
> deny access to all others. Am I correct? If not, please enlighten me.
you are correct. During development, the use of wildcards is handy. But
for deployment, explicit routes are the way to go. See the corresponding
section "Using the configuration concept" in the documentation of the
init process:
http://genode.org/documentation/developer-resources/init#Using_the_configuration_concept
Cheers
Norman
--
Dr.-Ing. Norman Feske
Genode Labs
http://www.genode-labs.com · http://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
------------------------------------------------------------------------------
_______________________________________________
genode-main mailing list
genode-main@...12...ceforge.net
https://lists.sourceforge.net/lists/listinfo/genode-main