Sawmill's dataspaces and the Hurd's physmem

Neal H. Walfield neal at
Tue Sep 6 08:15:59 CEST 2005

> It appears to me that a file system server providing a file to a client
> always belongs to that client's trusted computing base. The FS server
> has to belong to the client's TCB, because it will provide the client
> with the content of a file. It may alter that content in any possible
> way before handing it to the client.

I'd like to add that we often don't even care about the correctness of
content.  Consider the web: I don't trust web servers to provide me
with correct data and I generally have no way to computationally
verify that the data is correct.  Nevertheless, I find the web useful
with the caveat that the data may be either malicious or incorrect.


More information about the l4-hackers mailing list