[cap-talk] Derivative rights
Karp, Alan H
alan.karp at hp.com
Tue Feb 5 16:54:44 EST 2008
ross mcginnis wrote:
>
> Naming the letter does give you the authority to perform some
> operation. It gives you the authority to *attempt* to copy
> it. This is a derived right that the mere possession of the
> letter name produces. Depending on who is holding the letter
> the attempt will be successful. Mallory manipulates the
> situation so that the person attempting to copy it is
> successful in the attempt.
>
I'm getting lost in the analogy. Let's revert to code. Let's say that you can guess that I have a file named "/usr/karp/mypasswords". I will run programs for you, and you may pass parameters to those programs. However, the programs I will run for will only operate on files if given open file handles. In other words, the programs I run on your behalf never do an open operation. Write a program that invokes one of these programs in which the filename you have correctly guessed is treated any differently than an arbitrary string. I'm sure you wouldn't claim that an arbitrary string is a capability. My question is why you would treat an arbitrary string that may happen to be the same as a filename as a capability.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list