Re: Specification for Trusted PLs?

On Fri, May 21, 2010 at 11:57:33AM -0400, Magnus Hagander wrote:
> On Fri, May 21, 2010 at 11:55 AM, Josh Berkus <josh@agliodbs.com> wrote:
> > So, here's a working definition:
> >
> > 1) cannot directly read or write files on the server.
> > 2) cannot bind network ports
> 
> To make that more covering, don't yu really need something like
> "cannot communicate with outside processes"?

These need to be testable conditions, and new tests need to get added
any time we find that we've missed something.  Making this concept
fuzzier is exactly the wrong direction to go.

Cheers,
David.
-- 
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate