[cap-talk] Objects and Facets
Norman Hardy
norm at cap-lore.com
Mon Aug 7 21:17:29 EDT 2006
On Aug 7, 2006, at 5:36 PM, Jed at Webstart wrote:
>
> .......
> At 05:19 AM 8/7/2006, David Hopwood wrote:
>> Each object capability system defines what it considers to be an
>> object,
>> and what it considers to be a capability, subject to the following
>> constraints:
>>
>> 1. a capability unambiguously designates a single object;
>
> I don't understand what the above contributes. How could it
> be otherwise? Isn't the object by definition that which the
> capability grants permission?
In Posix capabilities (RIP) a capability provided categorical
authority like mounting file systems.
<http://www.gentoo.org/proj/en/hardened/capabilities.xml>.
Not even the enthusiasts would see their capabilities as designating
just one object.
This limitation is useful for a wider audience.
More information about the cap-talk
mailing list