[cap-talk] High level dissonance (was: Re: What sparked interest in capabilities)

William Pearson wil.pearson at gmail.com
Fri Feb 22 10:57:16 EST 2008


On 22/02/2008, Rob Meijer <capibara at xs4all.nl> wrote:
>  "why should a user have all the privileges of the combined applications
>  that the user runs?"
>
>  Maybe a user interface should only allow the user to interconnect
>  applications by way of interconnection points exposed by the application,
>  while shielding the 'private' privileges from the user.
>  Asking the question how to discourage a user from giving a full C:
>  privilege may thus be the wrong question, a better question would be how
>  could we prevent a user from even being able to hold such a privilege
>  herself.
>

How does an application get the privilege in the first place, if not
delegated by the user? And how would a new bit of software, e.g. a new
disk defragmenter, get the same privilege? Sys-admins? Not a perfect
solution. I'd guess that this would likely get in the way of getting
work done. Also not a viable solution for the home user.

Even my proposed system, while not giving the user direct access to
capabilities to delegate, gives the user the ability to influence the
system so that any program can get almost any privilege through doing
well in the market and out bidding competitors.

  Will Pearson
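The following is an added illustration, not code from the thread or from either poster: a minimal object-capability sketch of the arrangement Rob Meijer describes, where the user's shell can only wire applications together through the endpoints they export, and the application's private authority (here a hypothetical "full disk" object, standing in for the C: privilege) is supplied by an installer-side factory rather than by the user. All names (Disk, make_defragmenter, make_log_viewer, UserShell) are hypothetical.

```python
"""Added example (hypothetical names): applications keep their private authority
in a closure and export only narrow interconnection points; the user shell holds
endpoint tables and can connect them, but never the underlying authority."""


class Disk:
    """Stand-in for the 'full C:' authority. Whoever holds this can write anywhere."""

    def __init__(self):
        self.writes = []

    def write(self, path, data):
        self.writes.append((path, data))


def make_defragmenter(disk):
    """Installer-side factory. The disk reference lives only inside this closure;
    the returned dict is the application's public interconnection surface."""

    def run(progress=None):
        for block in range(3):
            disk.write(f"/block{block}", b"compacted")
            if progress is not None:
                progress(f"defragmented block {block}")
        return len(disk.writes)

    return {"run": run}


def make_log_viewer():
    """A second application with no disk authority at all: it exports a sink
    other applications can be wired into, and a view of what it received."""
    lines = []

    def sink(message):
        lines.append(message)

    def view():
        return list(lines)

    return {"sink": sink, "view": view}


class UserShell:
    """What the user actually holds: endpoint tables, never the authorities behind them."""

    def __init__(self):
        self.apps = {}
        self.wires = {}  # (destination app, parameter name) -> exported callable

    def install(self, name, endpoints):
        self.apps[name] = endpoints

    def connect(self, src, src_endpoint, dst, dst_param):
        # The only composition primitive offered to the user: plug one app's
        # exported endpoint into another app's declared input.
        self.wires[(dst, dst_param)] = self.apps[src][src_endpoint]

    def invoke(self, app, endpoint):
        kwargs = {param: fn for (a, param), fn in self.wires.items() if a == app}
        return self.apps[app][endpoint](**kwargs)


def demo():
    disk = Disk()  # held by the installer; the user never receives it
    shell = UserShell()
    shell.install("defrag", make_defragmenter(disk))
    shell.install("viewer", make_log_viewer())
    shell.connect("viewer", "sink", "defrag", "progress")
    written = shell.invoke("defrag", "run")
    log = shell.invoke("viewer", "view")
    # Everything the user can name through the shell is an exported callable;
    # the Disk object itself is not among those values.
    user_can_name_disk = any(
        value is disk for endpoints in shell.apps.values() for value in endpoints.values()
    )
    return written, log, user_can_name_disk


if __name__ == "__main__":
    print(demo())
```

The point of the closure is that `disk` has no name outside `make_defragmenter`; the shell can run the defragmenter and route its progress messages, but there is no endpoint through which it could obtain or re-delegate the disk authority.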

