[cap-talk] CapDesk demo, capability demos in general

James A. Donald jamesd at echeque.com
Sat Oct 6 17:45:12 EDT 2007


Jed Donnelley wrote:
> Polaris isn't a capability system.

If Polaris is not a capability system, then perhaps
"true" capability systems are not really such a good
idea.

Anything that is actually likely to be useful in our
present hostile environment is going to look a lot like
Polaris, and not much like the "true" capability systems
of yesteryear.

For some permissions, ACLs really are the best solution.
For example, one wants the package installer to have
authority that cannot be granted to any other software,
not even by the system administrator, short of booting
up a different environment.  For other permissions,
particularly transient permissions such as permission to
bring up a dialog box, communicable permissions are the
best solution.

Of course, with protected capabilities, one can make a
communicable permission that is not communicable, but
that is a convoluted, hence fallible and inflexible, way
to do it.
