[cap-talk] Persistence as a cap value
Rob Meijer
capibara at xs4all.nl
Thu Mar 13 01:06:20 EDT 2008
On Thu, March 13, 2008 01:30, James A. Donald wrote:
> Jed Donnelley wrote:
> > I think for me the main issue is that of how access is
> > delegated. When I refer to access in the previous
> > sentence I mean persistent access - that is, not a
> > form of access that will be reset on a system reboot
> > or any other sort of non explicit means. A means of
> > delegation that can be counted on as a "permanent"
> > (only changed by intent) form of access control
> > management.
>
> Persistent capabilities are bad. They are too valuable,
> therefore need too much protection, too much management,
> and your mother is not going to provide the necessary
> management any more than she does for ACLs. We should
> therefore always seeks ways of doing things that do not
> require persistent capabilities.
I believe this is true only in the absence of (pseudo) persistent
process mechanisms. A persistency mechanism could provide all
the protection you need IMO.
Rob
More information about the cap-talk
mailing list