[cap-talk] rights communication - hope? - tome
alan.karp at hp.com
Thu Sep 23 11:28:37 EDT 2004
David Wagner wrote:
> (a) For protecting processes from other processes, the costs
> of capabilities are probably very small, if you're writing a new
> application. The benefits of capabilities, compared to
> competitors like
> Janus/Systrace/etc. (ACL systems), is larger than zero but
> probably not
> huge (IMHO). For legacy code, you don't have a choice; capabilities
> are out of the running.
You guys are doing such a good job on this discussion that I have few comments. However, I do have some experience with this one. E-speak was a capability system along the lines Jed advocates, protection only between processes. We were able to provide capability wrappers for any legacy applications that communicated over sockets. We simply had the socket connect to the wrapper instead of the intended endpoint. The wrapper did its thing and forwarded the requests to a wrapper for the endpoint. Of course, the granularity wasn't as fine as we could have done rewriting from scratch, but it was surprisingly good. For example, it took a knowledgeable person three days to provide a wrapper for the purchase order component of SAP. The wrapper was able to convey and enforce capabilities for creating, finding, reading, and modifying purchase orders. So, perhaps "out of the running" is a bit too strong a statement.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Alan H Karp.vcf
Size: 774 bytes
Desc: not available
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20040923/841cb476/AlanHKarp.obj
More information about the cap-talk