[cap-talk] Capabilities and Freedom vs. Safety
Jonathan S. Shapiro
shap at eros-os.com
Thu Jul 26 13:53:09 EDT 2007
On Thu, 2007-07-26 at 17:56 +0100, Toby Murray wrote:
> On Thu, 2007-07-26 at 12:35 -0400, Jonathan S. Shapiro wrote:
> > In light of this, I believe that the conclusions of HRU hold very well
> > for current commodity systems. The HRU undecidability result isn't the
> > part that should worry us. The part that should worry us is that all
> > *finite* systems (which is to say: all systems observed in the real
> > world) are decidable, and for the access models used in current
> > commodity systems, the safety property is known to be false.
> That last sentence doesn't parse. Could you elaborate on that? Do you
> mean that they cannot prevent a particular subject from acquiring a
> particular permission?
> That can't be it, because they can, and do,
> achieve this. (I can't acquire the permission to install RPM packages on
> my work machine since I don't have the root password, for example.)
Regrettably, this is untrue. You simply don't know how.
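The HRU result referred to above (Harrison, Ruzzo and Ullman, 1976) concerns the safety question for an access matrix with guarded commands: given an initial matrix, can a right r ever leak into cell (s, o)? For unbounded systems the question is undecidable, but when the sets of subjects, objects and rights are fixed the reachable matrices are finite and the question can be settled by exhaustive search. The following is an added illustration, not code from the thread or from any system the participants discuss: a toy owner-grants DAC model (subject and object names, the "own", "read", "write" and "audit" rights, and the two commands are all constructed for the example) with a breadth-first search that either exhibits the command sequence by which a right leaks or reports that no reachable matrix contains it.

```python
"""Deciding HRU safety for a finite protection system by exhaustive search.

The access matrix is a frozenset of (subject, object, right) triples.
Each command is an HRU-style guarded operation: it tests the matrix and,
if the guard holds, enters or deletes rights.  Because there are no
create primitives, the subject/object/right universe is fixed and the
number of reachable matrices is finite, so "can subject S ever hold
right R on object O?" is decided by enumerating reachable states.
All names, rights and commands here are constructed for the example.
"""
from collections import deque
from itertools import product

SUBJECTS = ("alice", "bob", "mallory")
OBJECTS = ("payroll",)
RIGHTS = ("own", "read", "write", "audit")
GRANTABLE = ("read", "write")          # "audit" is entered by no command


def cmd_grant(state, owner, target, obj, right):
    """GRANT: if owner owns obj, enter a grantable right for target."""
    if right in GRANTABLE and (owner, obj, "own") in state:
        return state | {(target, obj, right)}
    return None


def cmd_chown(state, owner, target, obj, right):
    """CHOWN: owner hands ownership to target (delete + enter primitives)."""
    if right == "own" and owner != target and (owner, obj, "own") in state:
        return (state - {(owner, obj, "own")}) | {(target, obj, "own")}
    return None


COMMANDS = (cmd_grant, cmd_chown)


def successors(state, commands=COMMANDS):
    """Yield (step, next_state) for every command instantiation that changes state."""
    for cmd in commands:
        for owner, target, obj, right in product(SUBJECTS, SUBJECTS, OBJECTS, RIGHTS):
            nxt = cmd(state, owner, target, obj, right)
            if nxt is not None and nxt != state:
                yield (cmd.__name__, owner, target, obj, right), nxt


def reachable_states(initial, commands=COMMANDS):
    """Every matrix reachable from initial; finite because nothing is created."""
    start = frozenset(initial)
    seen = {start}
    queue = deque([start])
    while queue:
        for _, nxt in successors(queue.popleft(), commands):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def leak_path(initial, subject, obj, right, commands=COMMANDS):
    """Shortest command sequence that puts (subject, obj, right) into the
    matrix, [] if it is already there, or None if the system is safe for
    that right (no reachable matrix contains it)."""
    start = frozenset(initial)
    goal = (subject, obj, right)
    if goal in start:
        return []
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for step, nxt in successors(state, commands):
            if nxt in parent:
                continue
            parent[nxt] = (state, step)
            if goal in nxt:
                path, cur = [], nxt
                while parent[cur] is not None:
                    cur, step = parent[cur]
                    path.append(step)
                return list(reversed(path))
            queue.append(nxt)
    return None


# Constructed initial matrix: alice owns the payroll file, bob may read it.
INITIAL = {("alice", "payroll", "own"), ("bob", "payroll", "read")}

if __name__ == "__main__":
    print("reachable matrices:", len(reachable_states(INITIAL)))
    for s, r in (("mallory", "write"), ("mallory", "own"), ("mallory", "audit")):
        print((s, "payroll", r), "->", leak_path(INITIAL, s, "payroll", r))
```

The search answers "no" for the "audit" right, so the system is safe for it, and "yes" with a one-step witness for "write" and "own": the safety property is false for those rights even though no subject ever escalates in a way the model forbids. The same enumeration is what makes every finite system decidable; what the HRU theorem rules out is a single algorithm that settles the question for protection systems in general.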