[cap-talk] Capability language safety
Ben Laurie
ben at algroup.co.uk
Tue Nov 2 12:57:51 EST 2004
Jonathan S. Shapiro wrote:
> On Tue, 2004-11-02 at 04:59, Ben Laurie wrote:
>
>> David Hopwood wrote:
>>
>>> Technically, you are right that it is *possible* (in a strictly literal
>>> sense) to build a nontrivial system that enforces capability discipline
>>> in such a way that there is no clear layering between a part of the system
>>> that essentially acts as a capability-secure language implementation or
>>> kernel, and an application layer. I would never trust such a system, and
>>> I have no confidence that there is anyone competent to design one that
>>> way. (If there were, they probably would not trust it, either.)
>>
>> I actually think this would be quite easy to do in C++.
>
> Not a prayer.
>
> It might be possible to build a class library that would *support* a
> more capability-oriented style of programming. Indeed, we contemplated
> such for EROS.

Apologies, this is what I meant.

> It is not possible to build anything in the C language family that
> *enforces* anything at all.

True.
--
ApacheCon! 13-17 November! http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
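As an added illustration of the support-versus-enforce distinction drawn in this exchange (example code written for this archive page, not code from the thread or from EROS): a C++ class library can make capabilities unforgeable by convention, with a handle type only an Authority can mint, yet the language lets any code reproduce the handle's bytes and obtain a working one without a grant, so the discipline is supported but never enforced. Resource, Authority and Capability are hypothetical names.

```cpp
// Added example: a capability-style class library in C++ and why the
// language cannot enforce its discipline. Resource/Authority/Capability
// are hypothetical names chosen for this illustration.
#include <cstring>
#include <string>

struct Resource {
    std::string name;
    int read_count = 0;  // counts every successful read, granted or forged
};

// A capability: a handle to a Resource that is unforgeable *by convention*.
// The constructor is private, so only Authority can mint one through the API.
class Capability {
public:
    int read() { return ++target_->read_count; }
private:
    friend class Authority;
    explicit Capability(Resource* r) : target_(r) {}
    Resource* target_;
};

class Authority {
public:
    explicit Authority(Resource* r) : res_(r) {}
    Capability grant() { return Capability(res_); }
private:
    Resource* res_;
};

// Disciplined use: every party goes through the class API, and the library
// "supports" capability style exactly as the thread describes.
int disciplined_use(Resource& r) {
    Authority auth(&r);
    Capability cap = auth.grant();
    return cap.read();
}

// The handle is just a pointer in memory. Writing that pointer into a buffer
// and treating the buffer as a Capability yields a usable handle with no
// grant: the type system's privacy rule is not backed by any runtime check,
// so the library cannot "enforce" anything. (The cast steps outside the
// language's guarantees; that it compiles and runs is the point.)
int forged_use(Resource& r) {
    Resource* raw = &r;
    alignas(Capability) unsigned char bytes[sizeof(Capability)];
    std::memcpy(bytes, &raw, sizeof raw);  // lay a pointer where target_ lives
    Capability* forged = reinterpret_cast<Capability*>(bytes);
    return forged->read();  // increments read_count without any Authority
}
```

Enforcement therefore has to come from a boundary the application code cannot reach around, such as a capability kernel or a memory-safe language runtime, which is the layering the quoted text insists on.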