Sawmill's dataspaces and the Hurd's physmem
Neal H. Walfield
neal at walfield.org
Tue Sep 6 08:15:59 CEST 2005
> It appears to me that a file system server providing a file to a client
> always belongs to that client's trusted computing base. The FS server
> has to belong to the client's TCB, because it will provide the client
> with the content of a file. It may alter that content in any possible
> way before handing it to the client.
I'd like to add that we often don't even care about the correctness of
content. Consider the web: I don't trust web servers to provide me
with correct data and I generally have no way to computationally
verify that the data is correct. Nevertheless, I find the web useful
with the caveat that the data may be either malicious or incorrect.
More information about the l4-hackers