[cap-talk] What's "Discretionary Security" (was: Another "core" principle, capability communication)
Jonathan S. Shapiro
shap at eros-os.com
Mon Jan 1 21:24:20 CST 2007
On Mon, 2007-01-01 at 19:14 -0800, Mark S. Miller wrote:
> Karp, Alan H wrote:
> > MarkM wrote:
> >>> Let's start with a plain conventional Unix ACL-ish example.
> >> I create a file
> >>> foo.txt. I choose not to give you write permission on this
> >> file. Are we
> >>> interacting using mandatory or discretionary security?
> >> how would you describe it using these terms?
> > Discretionary, but the example is flawed. How can you choose to give a
> > subject write permission in a Unix system? In a Unix-like system where
> > you can, it's non-discretionary if you want to grant write permission,
> > but the grantee doesn't get it.
> > Also, VOC is non-discretionary.
> Do you claim these answers are consistent with Shap's stated definitions for
> these terms? If instead, as I suspect, you have a different meaning in mind,
> could you state your proposed meaning for these terms?
Alan wouldn't have given that answer if he had caught up with the policy
vs. point of view discussion.
More information about the cap-talk