[cap-talk] Re: "capabilities" as data vs. as descriptors - OS
security discussion, restricted access processes, etc.
Jonathan S. Shapiro
shap at eros-os.org
Tue May 4 06:54:15 EDT 2004
On Tue, 2004-05-04 at 01:48, David Hopwood wrote:
> In Posix, Windows NT, and most other implementations of ACLs, each
> resource has an owner, and the owner is the only subject that can directly
> change the ACL (ignoring superusers/Administrators and other complications).
Nonsense! The owner is the *principal* that can directly change the ACL.
Subject == Process
Principal =~= User
shap
More information about the cap-talk
mailing list