[cap-talk] "Same" key

Mark S. Miller markm at cs.jhu.edu
Sun Feb 4 13:46:49 CST 2007


Jonathan S. Shapiro wrote:
> On Sat, 2007-02-03 at 13:47 -0800, Mark S. Miller wrote:
>> Can you give an example where two not-EQ caps designate the same object?
> 
> Not having tracked your definition of "object", probably not, but the
> obvious example would be an object implemented by a domain that chooses
> to ignore some or all of the facet ID bits. This would let two facets
> alias the same object, but the resulting capabilities would fail EQ.


Yes, I used exactly this case as a counter-example at
http://www.eros-os.org/pipermail/cap-talk/2007-February/007388.html
So, yes, we seem to consistently mean different things by "object".


> More practically -- and this exposes a place where I continue to be
> uncomfortable with your definition of "object" -- it is very common to
> have two capabilities with distinct facet IDs that designate the same
> state and differ only in permissions -- specifically, one provides a
> subset of the operations of the other. An example is RO-page key vs.
> RW-page key, but the same notion appears in user-implemented
> capabilities as well. In spite of your attempts to redefine terms :-) I
> expect that I will continue to speak of such capabilities as designating
> the same object.


Yes, I expect so as well ;).

I do think the dominant use of "object" in computer science is what 
"object-oriented programmers" mean by "object" -- a combination of state and 
behavior that reacts in a certain way to messages/invocations. Certainly, we 
have been clear that the "object" in our term "object-capability model" is a 
reference to the "object" of "object-oriented programming" (or "object-based 
programming" if one buys Wegner's taxonomy).

So, in spite of your attempts to redefine terms ;), I will continue to speak 
in terms more familiar from the PL perspective, even if that's more confusing 
from the OS or historical access control perspectives.

-- 
Text by me above is hereby placed in the public domain

     Cheers,
     --MarkM


More information about the cap-talk mailing list