[cap-talk] Another "core" principle - confused deputy?

Jonathan S. Shapiro shap at eros-os.com
Wed Dec 27 00:18:42 CST 2006


On Tue, 2006-12-26 at 16:50 +0000, David Hopwood wrote:
> Mark S. Miller wrote:
> >>>> (Note that Carol is a process, not a human user, and therefore is 
> >>
> >> [I'll switch to using lowercase for names of processes.]
> > 
> > Sorry to be annoyingly pedantic, but surely we mean "subject", "object",
> > or "protection domain" above, not "process". The issues we're discussing
> > are about access control and naming, not scheduling.
> 
> OK. The important point was that they are instances of programs.

Umm. No. The important point is that they are subjects. It is
conventional in the OS literature to equate subjects with processes, but
this is a dubious unification in the presence of shared mutable
resources between subjects.

I suggest that for the moment we ignore this and stick with the term
"subject" with the common understanding (in OS context) of "process". I
believe that the subject/process confusion is completely orthogonal, and
we can proceed safely with the subject=process assumption for the
current discussion. I merely think that we need to revisit this
assumption at a later point.


shap


