[cap-talk] Persistence as a cap value
James A. Donald
jamesd at echeque.com
Fri Mar 14 22:10:08 EDT 2008
James A. Donald
>> (though we should allow programs to access their
>> install directory as they please)
Rob Meijer wrote:
> This sounds very much like a persistent capability to
> me, so lets continue on this.
A capability is a transmissible permission. If a
program receives the permission as part of its install
time configuration, this is a software pattern
resembling an ACL.
One can of course, do capabilities in ACLs, and ACLs in
capabilities, and some people on this list want to do so
for some reason far from clear to me, but doing ACLs in
capabilities is not going to lead to a useful difference
in the security of the resulting systems.
If one wants to use capabilities to do what ACLs do, no
doubt one needs persistent capabilities, but even if
this is a sane thing to do, one still winds up with the
same old problems of ACLs.
More information about the cap-talk
mailing list