[cap-talk] E persistent capabilities - cross vat access control (was: theory vs. practice)
capability at webstart.com
Fri Aug 3 14:37:34 EDT 2007
At 07:46 AM 8/3/2007, Mark Miller wrote:
>On 8/3/07, Jed Donnelley <capability at webstart.com> wrote:
> > I can understand how file content that might be modified by
> > executing E programs will survive. What I don't understand
> > is how that effects any sort of permanent sharing between
> > users - e.g. on a Unix system for example. When the system
> > restarts all process state is lost.
>A persistent E vat checkpoints some of its state to its checkpoint
>file on the file system. Such a checkpoint file records the persistent
>capabilities that its vat holds to objects in other vats as
>cap-as-data URIs. So, inter-vat, E provides only cap-as-data security,
>both for ephemeral caps and for persistent caps.
Got it. That was the part I was missing. Thanks for persisting
in something that would have been a 20 second interactive discussion.
> > Now the Unix system reboots. How does user MarkM
> > exercise his RW access to user Jed's file? Perhaps
> > both user Jed and user MarkM have to initialize
> > E 'demon's that pick up the changed file state and
> > permit communication from user MarkM to modify user
> > Jed's file - e.g. through the vat mechanism on the
> > network?
>Yes, exactly. You got it!
> > I hope my question is clear. There's something
> > fundamental here that I think I'm missing.
>Looks to me like you figured out the fundamentals I hadn't thought to explain.
Glad to get that much figured out. Thanks MarkM!
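
The checkpoint-and-restart flow discussed in this thread, as an added toy model in Python (not E code, and not written by either poster). The `Vat` class, the `cap://` URI form and the JSON checkpoint layout are constructed for illustration and are not E's actual formats; the vats call each other directly instead of over a network.

```python
import json, os, secrets, tempfile

class Vat:
    """Toy vat whose state survives a restart only via its checkpoint file."""
    def __init__(self, vat_id, path):
        self.vat_id, self.path = vat_id, path
        self.exports = {}  # unguessable number -> {"file", "rights"}: caps this vat serves
        self.imports = {}  # petname -> cap-as-data URI: caps held to objects in other vats
        self.files = {}
        if os.path.exists(path):  # revive from the last checkpoint
            with open(path) as f:
                state = json.load(f)
            self.exports, self.imports, self.files = (
                state["exports"], state["imports"], state["files"])

    def checkpoint(self):
        # The file holds bearer secrets, so it is created owner-only (0600).
        fd = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump({"exports": self.exports, "imports": self.imports,
                       "files": self.files}, f)

    def export(self, name, rights):
        number = secrets.token_urlsafe(32)
        self.exports[number] = {"file": name, "rights": rights}
        return f"cap://{self.vat_id}/{number}"  # constructed URI form, not E's

    def invoke(self, uri, op, data=None):
        entry = self.exports.get(uri.rsplit("/", 1)[-1])
        if entry is None or op not in entry["rights"]:
            raise PermissionError("unknown capability or right not granted")
        if op == "W":
            self.files[entry["file"]] = data
        return self.files[entry["file"]]

def demo():
    d = tempfile.mkdtemp()
    jed_ckpt, markm_ckpt = os.path.join(d, "jed.ckpt"), os.path.join(d, "markm.ckpt")
    jed, markm = Vat("jed", jed_ckpt), Vat("markm", markm_ckpt)
    jed.files["notes"] = "v1"
    markm.imports["jeds-notes"] = jed.export("notes", "RW")
    jed.checkpoint(); markm.checkpoint()
    # Reboot: process state is gone; each user's daemon revives its vat from disk.
    jed, markm = Vat("jed", jed_ckpt), Vat("markm", markm_ckpt)
    uri = markm.imports["jeds-notes"]
    jed.invoke(uri, "W", "v2")
    try:
        jed.invoke("cap://jed/guessed-number", "R")
        forged_ok = True
    except PermissionError:
        forged_ok = False
    return jed.invoke(uri, "R"), forged_ok
```

Because the capability is plain data in the checkpoint, anyone who can read that file holds the same access, which is why the sketch restricts it to its owner.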