[cap-talk] Selling capabilities programming
James A. Donald
jamesd at echeque.com
Sat Jul 21 04:09:24 EDT 2007
David Wagner wrote:
> Capabilities will not solve every security problem in
> the world. That doesn't mean they are useless. Even
> if they do not provide a complete solution (or any
> solution at all) to the problem you list above -- and
> I am not claiming that they do or don't -- that
> doesn't mean they are uninteresting or useless.

You misread what I wrote above.

Capabilities solve, or greatly reduce, the problem of
trojans and viruses.

I emphasize the necessity of considering real world
issues, because some assertions made as to how
capabilities *must* work that appear to me impractical,
unwise, and unrealistically ambitious.

For example, the justification for "protected
capabilities" is that it should be possible to know all
the entities on the system, and all the capabilities
held by each entity. If the system is a network, which
in practice it is, rather than a particular computer,
this is a hard problem, and, I suspect, an insoluble
problem - and a problem that in fact we do not need to
solve.

My point about aunt Vera was not that any system
involving aunt Vera is likely to fail, but that the
proposed enumeration could not possibly be of any use to
aunt Vera - that it is something that could only be of
use when debugging.