[cap-talk] Understanding capabilities in a web-desktop setting
Rob Meijer
capibara at xs4all.nl
Thu Aug 14 15:04:23 CDT 2008
On Sun, August 10, 2008 15:36, Ben Laurie wrote:
> On Fri, Aug 8, 2008 at 3:56 PM, Luke A. Guest <laguest at archeia.com> wrote:
>> No, someone needs to write an idiots guide to capability systems without
>> formal notation to get people to understand this stuff.
>
> Does this help?
>
> http://www.links.org/files/capabilities.pdf
Hi Ben, great to see a product and granularity neutral introduction text,
great work.

One tiny nit: in your conclusion you state "For those interested in
further exploration and experimentation, I would skip the operating system
approach", and you then go on talking about language based and distributed
systems. The way you have structured chapter 4, when related to this
conclusion, would I feel somewhat suggest skipping the process level of
granularity.

I feel however that one of the simplest ways to experiment and play around
with and understand capabilities is by playing around at the process
granularity with file handles passed between processes. AppArmor is not
designed with capabilities in mind, but it is a great tool to confine
processes to their initial least privilege state. Combining AppArmor with
playing around with passing file handles between processes is IMHO a great
way to get a feel for what capabilities are all about without the
immediate need to learn much new stuff in advance. I guess that AppArmor
+ fds + unix-sockets would qualify as operating system level, although
this may not be what you mean in your conclusion. I do feel that playing
around with these familiar concepts at a process level of granularity is a
great and simple way to get a feel for capabilities from an AC point of
view.

This is also the reason why I am writing MinorFs, and am working on the
design of a unix-sockets and C++ functor based IPC library. The process
level of granularity on non-capability-centric OSes may not be best from
a performance point of view, but from a (non-academic level) educational
point of view it is IMO a very interesting and useful angle on capability
security, and a great way to get experienced people to quickly understand
the concepts.

Rob
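The file-handle passing described above, as an added example that is not part of this thread, of MinorFs, or of Ben's paper: a parent delegates only a pipe's write end to a forked child over a unix socket (SCM_RIGHTS). The child never opens anything by name and can write only through the handle it was handed; confining the child with AppArmor is assumed to be layered on separately and is not shown.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hand an open descriptor to the peer of a UNIX socket as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd) {
    char byte = 'C', cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    memset(cbuf, 0, sizeof cbuf);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor: the kernel installs a fresh entry in our fd table. We never
   name the object; we only hold what was handed to us. Returns the new fd or -1. */
static int recv_fd(int sock) {
    char byte, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Parent creates a pipe and delegates only its write end to a forked child that starts
   with no pipe descriptors at all. Returns 1 if the child's message comes back. */
int delegate_write_end(void) {
    int sv[2], pfd[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(pfd) < 0) return 0;
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {                       /* child: keep only its socket end */
        close(sv[0]); close(pfd[0]); close(pfd[1]);
        int w = recv_fd(sv[1]);
        _exit(w >= 0 && write(w, "hello via fd", 12) == 12 ? 0 : 1);
    }
    close(sv[1]);
    int sent = send_fd(sv[0], pfd[1]) == 0;  /* delegate, then drop our own copy */
    close(pfd[1]); close(sv[0]);
    char buf[32] = {0}; ssize_t n = read(pfd[0], buf, sizeof buf - 1);
    waitpid(pid, NULL, 0); close(pfd[0]);
    return sent && n == 12 && strcmp(buf, "hello via fd") == 0;
}
```

Run it under an AppArmor profile that denies the child every file path and the write still succeeds, because the pipe was reached through a handed-over descriptor rather than a name.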