Re: [Xen-devel] [RFC] libxc: Add trusted decompressors
At 10:33 +0000 on 04 Mar (1362393222), George Dunlap wrote:
> On Wed, Feb 27, 2013 at 12:44 PM, Bastian Blank <waldi@xxxxxxxxxx> wrote:
> >> I'm not sure "trusted" is quite the right term though, these aren't
> >> really any more trustworthy than the library supplied ones -- they are
> >> just more suitable for a mini-os environment.
> >
> > I used the term "trusted" because it should not be fed with untrusted
> > input. So it should not be used in the normal libxenguest. In the case
> > of pv-grub, all input is trusted as it runs in the same security domain.
>
> So it's not the decompressors you trust, but the data that you trust?
>
> "Trusted decompressors" definitely means that the decompressors
> themselves are more trustworthy somehow; "trusting decompressors"
> would be a more accurate description. ;-)

Yeah, I don't think "trusted" is quite the right word here. I would be
inclined to use "unsafe" instead, to make it clear that the caller had
better sanitize the input, or not care about unwanted side-effects.

(Generally, I think using "trusted" to mean "relied upon to preserve
invariants" is a more useful way of thinking than the common meaning of
something like "bug-free". But this isn't quite that either.)

Cheers,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel