[cap-talk] Horton vs. ACLs - private namespaces and the Audit Problem

Toby Murray toby.murray at comlab.ox.ac.uk
Wed Oct 10 16:34:03 EDT 2007


On Wed, 2007-10-10 at 20:16 +0000, Karp, Alan H wrote:
> Jed wrote:
> > 
> > I thought the question was whether knowing which objects
> > had access to which other objects (e.g. in real time)
> > or even seeing logs of which objects had accessed
> > which other objects was the level at which I earlier
> > and MarkM above were asking about the value in the logs
> > of such low level traces.
> > 
> I presume that access to the file containing the quarterly results is
> controlled by a capability that may have been passed from object to
> object.  The question to be answered is whether any object reachable
> from the capabilities in Alan's powerbox has had the capability to the
> file in question during the time period of interest.  I believe that
> tracking all capability transfers would allow that question to be
> answered.

Only if you also know the behaviour of all of the objects in the system
-- otherwise you can't accurately calculate what caps are reachable from
Alan's powerbox. You can certainly determine whether Alan's powerbox
ever had a cap to an object that itself had previously been given a cap
to the file though.
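
Added example, not part of the original message: a sketch of the one check Toby says a capability-transfer log supports without knowing object behaviour, namely whether the powerbox was ever given a cap to an object that had previously been given a cap to the file. The `Transfer` record layout, the object names and the sample log are all constructed assumptions.

```python
from collections import namedtuple

# Constructed log record: at `time`, `giver` passed `receiver` a capability
# designating `target`. Field names are assumptions for this example.
Transfer = namedtuple("Transfer", "time giver receiver target")


def first_receipt(log, target):
    """Map each object to the earliest time it was given a cap to `target`."""
    first = {}
    for ev in sorted(log, key=lambda e: e.time):
        if ev.target == target:
            first.setdefault(ev.receiver, ev.time)
    return first


def indirect_holdings(log, root, target):
    """Return (time, object) pairs where `root` was given a cap to an object
    that had been given a cap to `target` strictly before that time."""
    got_target = first_receipt(log, target)
    hits = []
    for ev in sorted(log, key=lambda e: e.time):
        earlier = got_target.get(ev.target, float("inf")) < ev.time
        if ev.receiver == root and earlier:
            hits.append((ev.time, ev.target))
    return hits


# Constructed sample log.
SAMPLE_LOG = [
    Transfer(1, "cfo", "reporter", "results_file"),
    # The powerbox receives a cap to an object already given the file cap.
    Transfer(2, "reporter", "powerbox", "reporter"),
    # The powerbox receives a cap to "editor", which has no file cap yet.
    Transfer(3, "admin", "powerbox", "editor"),
    # "editor" is given the file cap afterwards. The log alone does not show
    # whether the powerbox still held the editor cap, so this is not counted.
    Transfer(4, "cfo", "editor", "results_file"),
]

if __name__ == "__main__":
    print(indirect_holdings(SAMPLE_LOG, "powerbox", "results_file"))
```

Whether `editor` or `reporter` could actually have exercised the file cap on the powerbox's behalf depends on how those objects behave, which a transfer log does not record.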


