[cap-talk] On revocation and the use of wrappers and In Defense of Identities
Valerio Bellizzomi
devbox at selnet.org
Sat Dec 9 19:57:15 CST 2006
On 07/12/2006, at 9.33, Jed Donnelley wrote:
>At 02:03 AM 12/7/2006, Neal H. Walfield wrote:
>>At Wed, 6 Dec 2006 23:17:12 -0600,
>>Karp, Alan H wrote:
>> >
>> > Marcus Brinkmann wrote:
>> > > The problem is that it is easily exploitable, because the amount of
>> > > memory used to store the bookkeeping data is not bound by the number
>> > > of objects, but by the number of delegations that take place.
>> > > Depending on the design, either a user alone or at least two
>> > > conspiring users can probably exhaust these resources by delegating
>> > > the same object many times.
>> > >
>> > The server can always refuse if a given capability has been delegated
>> > too many times.
>>
>>Sure. But how can it do this without potentially denying legitimate
>>service? I think that any limit will be arbitrary and will fail to
>>stop illegitimate use but block some legitimate uses.
>
>This sort of thing happens all the time in today's systems and it
>is very far from being considered among the most important problems
>with such systems. There are limits like the number of processes,
>number of inodes, not to mention of course more "legitimate"
>resource limitations like memory and disk space. Any exhaustion
>of such resources results in denying legitimate service.
>
>How would an exhaustion of table space for delegations differ
>from such situations?
I didn't read this before, but hey, either we have a limit on the number
of delegations or we have a limit on table space; in any case
unlimited delegation is not possible.
So where's the difference?
>
>--Jed http://www.webstart.com/jed/
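The trade-off debated in this thread, as an added Python sketch that is not from any poster or from a system they discuss: a server keeps one table record per delegation and refuses once a per-object limit is reached. The class and method names, the holder names and the limit of 5 are assumptions made for the illustration.

```python
import itertools  # added illustration; every name below is hypothetical

class DelegationLimit(Exception):
    """The server refuses to record another delegation."""

class DelegationServer:
    def __init__(self, max_records):
        self.max_records = max_records  # per-object limit: the arbitrary number at issue
        self.table = {}                 # cap id -> (object, parent cap id, holder)
        self.count = {}                 # object -> live records, original included
        self._ids = itertools.count(1)

    def _add(self, obj, parent, holder):
        cap = next(self._ids)
        self.table[cap] = (obj, parent, holder)
        self.count[obj] = self.count.get(obj, 0) + 1
        return cap

    def create(self, obj, owner):
        return self._add(obj, None, owner)

    def delegate(self, cap, to):
        obj = self.table[cap][0]        # KeyError if cap was revoked
        if self.count[obj] >= self.max_records:
            raise DelegationLimit(obj)
        return self._add(obj, cap, to)  # one record per delegation, not per object

    def revoke(self, cap):
        """Drop cap and everything delegated from it; return records freed."""
        doomed = [cap]
        for c in doomed:                # list grows as descendants are found
            doomed += [k for k, v in self.table.items() if v[1] == c]
        for c in doomed:
            self.count[self.table.pop(c)[0]] -= 1
        return len(doomed)

def demo():
    srv = DelegationServer(max_records=5)
    root = srv.create("file", "alice")
    first = cap = srv.delegate(root, "mallory")
    try:                                # two holders pass one object back and forth
        for holder in itertools.cycle(["eve", "mallory"]):
            cap = srv.delegate(cap, holder)
    except DelegationLimit:
        records = len(srv.table)
    try:
        srv.delegate(root, "bob")
        bob_refused = False
    except DelegationLimit:
        bob_refused = True              # the limit also stops a legitimate delegate
    freed = srv.revoke(first)
    return records, bob_refused, freed, srv.delegate(root, "bob") in srv.table
```

demo() returns the number of records held for the single object when the limit trips, whether the owner's delegation to a new holder was refused at that point, how many records revoking the first delegation freed, and whether the same delegation then succeeds.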