[cap-talk] Capabilities and Freedom vs. Safety

Toby Murray toby.murray at comlab.ox.ac.uk
Thu Jul 26 12:56:35 EDT 2007

On Thu, 2007-07-26 at 12:35 -0400, Jonathan S. Shapiro wrote:
> In light of this, I believe that the conclusions of HRU hold very well
> for current commodity systems. The HRU undecidability result isn't the
> part that should worry us. The part that should worry us is that all
> *finite* systems (which is to say: all systems observed in the real
> world) are decidable, and for the access models used in current
> commodity systems, the safety property is known to be false.

That last sentence doesn't parse. Could you elaborate on that? Do you
mean that they cannot prevent a particular subject from acquiring a
particular permission? That can't be it, because they can, and do,
achieve this. (I can't acquire the permission to install RPM packages on
my work machine since I don't have the root password, for example.)
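An added illustration of the point in the quoted paragraph, not part of the thread: for a finite HRU-style system the safety question ("can this subject ever acquire this right on this object?") is decidable by exhaustively enumerating reachable access matrices, and the same search produces the command sequence that leaks a right when one exists. The subjects, files, trust relation and the two command schemas below are constructed sample values.

```python
from collections import deque
from itertools import product

# Constructed finite HRU-style protection system (sample values, not from the thread).
# Subjects double as objects, so "trust" is a right one subject holds on another.
SUBJECTS = ("alice", "bob", "mallory", "carol")
FILES = ("payroll.db", "notes.txt")

# Each command is an HRU rule "if <rights present> then enter/delete <rights>".
def cmd_grant_read(state, s, s2, o):
    """Owner s grants read on o to a subject it trusts (right is copied)."""
    if (s, o, "own") in state and (s, s2, "trust") in state:
        return state | {(s2, o, "read")}
    return None

def cmd_transfer_own(state, s, s2, o):
    """Owner s hands ownership of o to a subject it trusts (right is moved)."""
    if (s, o, "own") in state and (s, s2, "trust") in state:
        return (state - {(s, o, "own")}) | {(s2, o, "own")}
    return None
COMMANDS = (cmd_grant_read, cmd_transfer_own)

def successors(state):
    """Every state one command instance away; finite because subjects/files are fixed."""
    for cmd, (s, s2, o) in product(COMMANDS, product(SUBJECTS, SUBJECTS, FILES)):
        nxt = cmd(state, s, s2, o)
        if nxt is not None and nxt != state:
            yield (cmd.__name__, s, s2, o), nxt

def is_safe(initial, subject, obj, right):
    """HRU safety question: can `subject` ever hold `right` on `obj`?  Returns (True, None)
    if not, else (False, witness command sequence).  BFS over a finite space terminates."""
    start = frozenset(initial)
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if (subject, obj, right) in state:       # right reached: rebuild the path
            path = []
            while parent[state] is not None:
                state, step = parent[state]
                path.append(step)
            return False, path[::-1]
        for step, nxt in successors(state):
            if nxt not in parent:
                parent[nxt] = (state, step)
                queue.append(nxt)
    return True, None
# Initial matrix: alice owns payroll.db, trust chain alice -> bob -> mallory, nobody trusts carol.
INITIAL = {("alice", "payroll.db", "own"), ("bob", "notes.txt", "own"),
           ("alice", "bob", "trust"), ("bob", "mallory", "trust")}
```

`is_safe(INITIAL, "mallory", "payroll.db", "read")` reports the two-command leak (alice transfers ownership to bob, bob grants read to mallory) even though no single command lets alice reach mallory, while the query for carol comes back safe because no subject ever trusts her.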

