equal
deleted
inserted
replaced
1119 The main result is now imminent, just by composing the three |
1119 The main result is now imminent, just by composing the three |
1120 invariance lemmas (see \secref{sec:unix-inv-lemmas}) according the the |
1120 invariance lemmas (see \secref{sec:unix-inv-lemmas}) according the the |
1121 overall procedure (see \secref{sec:unix-inv-procedure}). |
1121 overall procedure (see \secref{sec:unix-inv-procedure}). |
1122 *} |
1122 *} |
1123 |
1123 |
1124 theorem main: |
1124 corollary |
1125 "init users =bogus\<Rightarrow> root \<Longrightarrow> |
1125 "init users =bogus\<Rightarrow> root \<Longrightarrow> |
1126 \<not> (\<exists>xs. (\<forall>x \<in> set xs. uid_of x = user1) \<and> |
1126 \<not> (\<exists>xs. (\<forall>x \<in> set xs. uid_of x = user1) \<and> |
1127 can_exec root (xs @ [Rmdir user1 [user1, name1]]))" |
1127 can_exec root (xs @ [Rmdir user1 [user1, name1]]))" |
1128 proof - |
1128 proof - |
1129 case rule_context |
1129 case rule_context |