[cap-talk] Capability begginer questions

Wed Oct 3 01:53:15 EDT 2007

On 10/2/07, Matheus Morais <matheus.morais at gmail.com> wrote:
> Last year I was reading l4-hurd mail list and became curious to know more
> about capabilites. Since then I start to read capabilite documentations
> spread on the internet, more intensive in last three weeks, and I had
> observed the lack of documentation on my native language (portuguese BTW).
> For that reason and a couple of other ideas which come in my mind I started
> to write my own documentation in portuguese about the capabilities[1]. My
> two main goals with that are get more knowledge about the capabilitie theory
> and create capabilite documentation in portuguese.
>
> How I'm a very newbie on capabilites some doubts are running through my head
> right now and I don't know any other place to ask these questions. Sorry if
> I'm OT here. Anyways, here I go.
>
> 1 - A short question about the terminology. The correct translation for
> capabilitie in portuguese is 'potencialidade' which means 'quality of the
> potential'. Books like Operating Systems Design and Implementation for
> example, treat capabilitie as 'capacidade' which stands for 'quality to
> satisfaction some end; qualification'. First I started to use
> 'potencialidade' because is the correct translation for the word capabilite,
> after read carefully a portuguese dictionary I decided to change that for
> 'capacidade' but I'm still lost about what is the best translation for the
> word capabilitie. Should I keep with 'capacidade' on documentation or change
> again to 'potencialidade'?

I would stick with 'capacidade', even though it sounds strange to me
(I'm brazilian). I usually use 'autoridade' in the loose sense when
explaining capabilities or even 'procuração', but most word
definitions are wrong IMHO, it's better to treat non formal
descriptions as analogies and use formal definitions to explain the
properties.

BTW your site uses the capabilities as keys analogy to explain caps,
which isn't good (as the 'Capability Myths Demolished' paper
explains). It would be better if you wrote a sentence or two on why
this analogy, albeit useful, is flawed.

> 2 - According to Capability-Based Computer Systems book[2] written by Henry
> M. Levy, the capabilitie could be showed as rows of an access matrix which
> contrasts with ACL's in the column of the same access matrix. In a paper
> called 'Capability Myths Demolished'[3] they say that assignment don't
> explicit show the differences between ACL's and capability. My question is,
> could I represent capability as rows (or columns depending on where user
> field is positioned) of an access matrix?
>
> 3 - Suppose that I have a program P and I want to assign a capability to
> read an file F. The read access capabilitie will be stored in P capability
> list or F capability list?
>
> 4 - I was playing with C++ and design a _very_ primary capability structure
> as follow:
>
> /* caps.h */
>
> #define RIGHTS_LIST_SIZE 2
> #define CAP_LIST_SIZE 10
>
> typedef char r_list[RIGHTS_LIST_SIZE];
>
> typedef struct cap {
>     long key;
>     r_list rights;
> };
>
> typedef cap clist[CAP_LIST_SIZE];
>
> /* EOF */
>
> I am in the right direction? I was thinking to write a small Capability
> _Fake_ File System to run on top of ext3 fs, just to learn more about
> capabilites in the practical. Any suggestions?
>
>  [1] -
> http://matheus.morais.googlepages.com/entendendoaspotencialidades
> [2] - http://www.cs.washington.edu/homes/levy/capabook/
> [3] - http://zesty.ca/capmyths/usenix.pdf
>
> Thanks and sorry for the inconvenience of begginer questions.
> Matheus Morais

Regards,
Daniel Yokomizo.