[cap-talk] keyrings and bootstrapping capabilities
Jed Donnelley
capability at webstart.com
Mon May 28 19:37:27 EDT 2007
At 12:40 PM 5/28/2007, Norman Hardy wrote:
>Thanks Jed for the additional background.
>
>On 2007 May 28, at 12:25 AM, Jed Donnelley wrote:
>........
> > If, however, one is given access to a directory without
> > the "free access" right, then all access rights that are
> > turned off in the directory capability itself are turned
> > off in the fetched capabilities before being returned
> > in response to "fetch" requests.
> >
>Of what use is such a returned capability?
>Perhaps rights amplification was necessary to use it.
>Keykos did not use this pattern but the kernel could support it.
>
>......
The canonical example is with directory or file capabilities
that have their "write" access permission turned off when they
are fetched through a directory capability without the "free
access" permission - because neither the "write" permission
nor the "free access" permission is in the base directory.
The typical case is where I create a new "group" directory.
I initially have all access to it. I then create a reduced
access right capability that has "free access" and "write"
turned off. Then I put some file and other directory
capabilities in through my full access capability to the directory.
Finally I give the reduced access capability to some others,
as a "group" directory.
At that point I can insert things into the directory through
my full access capability (with "write" and "free access"), even
likely into directories in it. I can also write into files in
it. However, anybody else that has access only to the directory
capability without the "free access" bit (the one I shared
with the "group") will only be able to fetch reduced permission
capabilities from it. For example, all the directories that
they fetch will have "free access" and "write" turned off.
Similarly all files will have "write" turned off (and "free
access", but for us the "free access" permission on files
had no meaning).
Remember the idea? I'm sure we've discussed it on the cap-talk
list before. I believe I've seen this idea elsewhere, but not
before it was done in the Elephant storage system circa 1970.
This seems to be another one of those ideas that has been
invented more than once.
--Jed http://www.webstart.com/jed-signature.html
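The group-directory scenario described above, modelled as an added example. This is not code from the original post, from the Elephant storage system, or from KeyKOS; the names Rights, Capability, Directory, fetch, insert, the three-bit right set and the sample files are assumptions of this model.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Rights(Flag):
    """Permission bits carried by a capability (bit names are assumptions)."""
    READ = auto()         # may fetch entries / read file content
    WRITE = auto()        # may insert entries / write file content
    FREE_ACCESS = auto()  # fetched capabilities come back unattenuated


ALL = Rights.READ | Rights.WRITE | Rights.FREE_ACCESS


@dataclass
class File:
    name: str
    content: str = ""


@dataclass
class Directory:
    name: str
    entries: dict = field(default_factory=dict)   # entry name -> Capability


@dataclass(frozen=True)
class Capability:
    obj: object      # the File or Directory this capability designates
    rights: Rights

    def restrict(self, keep: Rights) -> "Capability":
        # Derive a weaker capability; '&' can only turn bits off, never on.
        return Capability(self.obj, self.rights & keep)


def insert(dir_cap: Capability, name: str, cap: Capability) -> None:
    """Store cap under name; requires WRITE on the directory capability."""
    if Rights.WRITE not in dir_cap.rights:
        raise PermissionError(f"no write right on directory {dir_cap.obj.name}")
    dir_cap.obj.entries[name] = cap


def fetch(dir_cap: Capability, name: str) -> Capability:
    """Return the stored capability, attenuated unless the directory
    capability carries FREE_ACCESS."""
    if Rights.READ not in dir_cap.rights:
        raise PermissionError(f"no read right on directory {dir_cap.obj.name}")
    stored = dir_cap.obj.entries[name]
    if Rights.FREE_ACCESS in dir_cap.rights:
        return stored
    # Every right that is off in the directory capability is turned off in
    # what is handed back: WRITE and FREE_ACCESS both disappear, so the
    # attenuation also propagates into sub-directories fetched later.
    return stored.restrict(dir_cap.rights)


def write_file(file_cap: Capability, text: str) -> None:
    if Rights.WRITE not in file_cap.rights:
        raise PermissionError(f"no write right on file {file_cap.obj.name}")
    file_cap.obj.content = text


def read_file(file_cap: Capability) -> str:
    if Rights.READ not in file_cap.rights:
        raise PermissionError(f"no read right on file {file_cap.obj.name}")
    return file_cap.obj.content


def group_directory_demo() -> dict:
    """Owner builds a group directory with full rights, hands out a reduced
    capability, and keeps writing through the full one."""
    owner = Capability(Directory("group"), ALL)
    group = owner.restrict(Rights.READ)      # WRITE and FREE_ACCESS turned off

    # Populate through the full-rights capability (constructed sample data).
    insert(owner, "notes.txt", Capability(File("notes.txt", "draft 1"), ALL))
    sub = Capability(Directory("sub"), ALL)
    insert(owner, "sub", sub)
    insert(sub, "inner.txt", Capability(File("inner.txt", "hello"), ALL))

    # The owner fetches through a FREE_ACCESS capability: nothing is masked.
    owner_notes = fetch(owner, "notes.txt")
    write_file(owner_notes, "draft 2")

    # A group member fetches through the reduced capability.
    member_notes = fetch(group, "notes.txt")
    member_sub = fetch(group, "sub")
    member_inner = fetch(member_sub, "inner.txt")   # attenuation carries down
    try:
        write_file(member_notes, "vandalised")
        write_denied = False
    except PermissionError:
        write_denied = True

    return {
        "owner_notes_rights": owner_notes.rights,
        "member_notes_rights": member_notes.rights,
        "member_sub_rights": member_sub.rights,
        "member_inner_rights": member_inner.rights,
        "member_sees_latest": read_file(member_notes),
        "member_write_denied": write_denied,
    }


if __name__ == "__main__":
    for key, value in group_directory_demo().items():
        print(f"{key}: {value}")
```

Because the reduced capability designates the same Directory and File objects as the full one, the member sees the owner's later edits ("draft 2") but cannot write, and every directory the member fetches is itself missing "write" and "free access", so the read-only view holds at every depth.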