[cap-talk] Selling capabilities programming

Pierre THIERRY nowhere.man at levallois.eu.org
Wed Jul 25 07:34:46 EDT 2007

James A. Donald wrote on 25/07/2007 at 21:21:
>> On the other hand, people claimed [...] that such an implementation
>> prevents confinement altogether.
> "confinement" being tautologically defined to make that trivially true
> by definition.

Confinement is not defined by the protection of capabilities, so it is
not tautological.

IIUC, confinement is the property of a subject whose initial authority
could be known to contain only elements of a given set of capabilities
and whose other authority was only gained through authorized channels.

> If you have durable communicable permissions, then indeed it is true
> that you have a problem, but "confinement" does not make it any less
> of a problem

Yes it does. It makes it possible to reason about the authority conveyed
by those permissions, and thus about the security properties of the
system. That is obviously making it less of a problem, isn't it?

nowhere.man at levallois.eu.org
OpenPGP 0xD9D50D8A
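To make the definition of confinement above concrete, here is an added toy check (example code, not from the thread or any real capability system): over a constructed capability graph it computes what authority a subject could acquire along paths that do not pass through an authorized channel, and reports anything outside the permitted set. Subject names, the "@X" designator convention and the sample graphs are all constructed for the illustration.

```python
from collections import deque

# Constructed toy capability graph (not from the original thread):
# subject -> set of capabilities it holds. A capability written "@X"
# designates subject X and lets its holder exchange messages, and hence
# capabilities, with X; any subject can forward any capability it holds.
HOLDS_OK = {"guest": {"mem", "@parent"},
            "parent": {"fs", "net", "@guest"}}
HOLDS_LEAK = {"guest": {"mem", "@parent", "@helper"},
              "parent": {"fs", "net", "@guest"},
              "helper": {"net", "@logger"},   # durable, communicable permission
              "logger": {"disk"}}
ALLOWED = {"mem", "@parent"}      # the "given set" guest may start with
CHANNELS = {"parent"}             # authorized channels into guest


def reachable_without_channels(holds, start, channels):
    """Subjects `start` can reach via "@" capabilities. Authorized channels
    are recorded but not expanded: authority they convey is authorized."""
    seen, queue = {start}, deque([start])
    while queue:
        s = queue.popleft()
        if s in channels:
            continue
        for cap in holds.get(s, ()):
            if cap.startswith("@") and cap[1:] not in seen:
                seen.add(cap[1:])
                queue.append(cap[1:])
    return seen


def confinement_leaks(holds, subject, allowed, channels):
    """Capabilities `subject` holds or could be handed that lie outside
    `allowed` and do not arrive via an authorized channel. Empty == confined."""
    leaks = set()
    for s in reachable_without_channels(holds, subject, channels):
        if s in channels:
            continue
        leaks |= holds.get(s, set()) - allowed
    return leaks


def is_confined(holds, subject, allowed, channels):
    return not confinement_leaks(holds, subject, allowed, channels)


if __name__ == "__main__":
    print("ok graph leaks:", confinement_leaks(HOLDS_OK, "guest", ALLOWED, CHANNELS))
    print("leaky graph leaks:", sorted(confinement_leaks(HOLDS_LEAK, "guest", ALLOWED, CHANNELS)))
```

In the second graph, the extra "@helper" capability is itself outside the permitted set, and because helper can forward what it holds, "net", "@logger" and transitively "disk" are reported as authority guest could gain without any authorized channel being involved.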
