[cap-talk] Capability beginner questions
Kevin Reid
kpreid at mac.com
Wed Oct 3 09:24:56 EDT 2007
On Oct 3, 2007, at 8:44, Matheus Morais wrote:
> On 10/2/07, Kevin Reid <kpreid at mac.com> wrote:
>>
>> If this structure is intended to be protected from the user programs
>> (actually or conceptually), then I don't see much wrong with it, but
>> there's not enough information to tell how it's intended to be used.
>>
>> How are key values chosen? How are they looked up during capability
>> invocation?
>>
>> What is stored in an r_list? What interprets the values?
>
> I was thinking of generating the key values randomly using the md5
> hash algorithm or something like that, since AFAIK the key must be
> unique for each capability, but I haven't written any code for this
> job yet.
>
> The r_list will store values like 'r' for read access and 'w' for
> write access. The interpretation of these values will be made when
> an access attempt is made for that object; also, there is no
> code written for that either.

This is inconsistent. Randomly generated values are only useful if
you're creating sparse capabilities (those which the client can
access the bits of); but the presence of the r_list means that these
must be protected capabilities (those which the client can't access
the bits of, or at least can't cause a given bit-sequence to be used
as a capability).

Assuming that you intend protected capabilities (which have superior
properties), there is no reason for the "key" to be random; it might
as well be a pointer or index referring to the implementation of the
capability (what is invoked/accessed when the capability is used).

--
Kevin Reid <http://homepage.mac.com/kpreid/>
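
The sparse/protected distinction from the reply above, as an added sketch that is not code from the thread or from either poster. The `Kernel` class, its method names and the process ids are hypothetical; the 'r' and 'w' rights follow the r_list values in the quoted message.

```python
import secrets

class Kernel:
    """Constructed toy reference monitor holding both kinds of capability."""
    def __init__(self):
        self.clists = {}   # pid -> [(obj, rights)]: protected, never client-visible
        self.sparse = {}   # random token -> (obj, rights): client holds the token

    # Protected: the "key" is only an index into the caller's own c-list,
    # so it can be small and predictable without conveying any authority.
    def grant_protected(self, pid, obj, rights):
        clist = self.clists.setdefault(pid, [])
        clist.append((obj, frozenset(rights)))
        return len(clist) - 1

    def invoke_protected(self, pid, index, right):
        clist = self.clists.get(pid, [])
        if not isinstance(index, int) or not 0 <= index < len(clist):
            raise PermissionError("no such capability in caller's c-list")
        obj, rights = clist[index]
        if right not in rights:
            raise PermissionError("right not held")
        return obj

    # Sparse: whoever presents the bits is authorized, so the bits
    # themselves must be unguessable (128 random bits here).
    def grant_sparse(self, obj, rights):
        token = secrets.token_bytes(16)
        self.sparse[token] = (obj, frozenset(rights))
        return token

    def invoke_sparse(self, token, right):
        entry = self.sparse.get(token)
        if entry is None or right not in entry[1]:
            raise PermissionError("unknown token or right not held")
        return entry[0]

if __name__ == "__main__":
    k = Kernel()
    idx = k.grant_protected("A", "file-1", "r")
    print(k.invoke_protected("A", idx, "r"))    # A uses its own slot
    try:
        k.invoke_protected("B", idx, "r")       # same index, different c-list
    except PermissionError as e:
        print("B denied:", e)
    tok = k.grant_sparse("file-2", "rw")
    print(k.invoke_sparse(tok, "w"))            # any holder of the bits succeeds
```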