Chuck Guzis wrote:
> On 8/18/2006 at 3:17 PM Don wrote:
>> But, user applications can be developed using tools that
>> fail to observe your conventions WITHIN their application.
>> I.e. it seems like the only mechanisms that you can put
>> in place are those that are invoked at protection boundaries.
>> (?)
>
> Why are protections primarily reserved for OS-level tasks? Why not subset
> protections within the user area? A user should be able to say that a
> plugin or DLL should have only a certain limited number of privileges.

I do that. An application can delegate what *subset* of
its privileges are awarded to tasks/threads that it spawns.
And, the namespace is protected so I can put an application
in a "jail" simply by creating a namespace that only references
the objects that *I* think it should have access to.
But, you still have to deal with *rogue* applications
(Ohmigosh!) and/or *crappy* applications.
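
Added example, not part of the thread and not code from the system being discussed: a toy Python model of the two mechanisms described above, privilege subsetting at spawn time and a per-task namespace acting as a jail. The `Task` class, its `spawn` and `open` methods, and the object names are hypothetical.

```python
class Task:
    """Toy model: a task holds a privilege set and a private namespace."""

    def __init__(self, name, privileges, namespace):
        self.name = name
        self.privileges = frozenset(privileges)
        self.namespace = dict(namespace)  # name -> object, private to this task

    def spawn(self, name, privileges, visible):
        """Create a child with a subset of our privileges and names."""
        extra = frozenset(privileges) - self.privileges
        if extra:
            raise PermissionError(f"{self.name} cannot grant {sorted(extra)}")
        unknown = set(visible) - set(self.namespace)
        if unknown:
            raise PermissionError(f"{self.name} cannot bind {sorted(unknown)}")
        return Task(name, privileges, {n: self.namespace[n] for n in visible})

    def open(self, path, privilege):
        """Resolve a name inside this task's namespace only."""
        if path not in self.namespace:
            raise LookupError(f"{path}: no such object for {self.name}")
        if privilege not in self.privileges:
            raise PermissionError(f"{self.name} lacks {privilege!r}")
        return self.namespace[path]


def attempt(task, path, privilege):
    """Return the object, or the name of the error that blocked access."""
    try:
        return task.open(path, privilege)
    except (LookupError, PermissionError) as exc:
        return type(exc).__name__


def demo():
    # Constructed sample objects and names.
    app = Task("app", {"read", "write", "net"},
               {"/cfg": "config", "/log": "logfile", "/sock": "socket"})
    plugin = app.spawn("plugin", {"read"}, ["/cfg"])
    return {
        "read /cfg": attempt(plugin, "/cfg", "read"),
        "write /cfg": attempt(plugin, "/cfg", "write"),
        "read /log": attempt(plugin, "/log", "read"),
    }


if __name__ == "__main__":
    print(demo())
```

In this model the jailed plugin cannot even name `/log`, so the lookup fails before any privilege check runs, and a child can never be spawned with more than its parent holds.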