Init Config Security
Nobody III
hungryninja101 at ...9...
Thu Nov 6 15:44:57 CET 2014
Thanks. It would be good to put a list of required services in the readme
for each program.
On Nov 6, 2014 1:00 AM, "Norman Feske" <norman.feske at ...1...> wrote:
> Hello Ben,
>
> > It seems that with the init config files generated by the run scripts,
> > if any server/driver is compromised, it can take over the system, by
> > requesting access to important services, such as those in the
> > <parent-provides> section. It seems that to make init's config secure,
> > one would have to explicitly name every service needed by a server and
> > deny access to all others. Am I correct? If not, please enlighten me.
>
> you are correct. During development, the use of wildcards is handy. But
> for deployment, explicit routes are the way to go. See the corresponding
> section "Using the configuration concept" in the documentation of the
> init process:
>
>
>
> http://genode.org/documentation/developer-resources/init#Using_the_configuration_concept
>
> Cheers
> Norman
>
> --
> Dr.-Ing. Norman Feske
> Genode Labs
>
> http://www.genode-labs.com · http://genode.org
>
> Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
> Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.genode.org/pipermail/users/attachments/20141106/ade65dc4/attachment.html>
More information about the users
mailing list