[cap-talk] Persistence as a cap value
James A. Donald
jamesd at echeque.com
Sat Mar 15 00:24:23 EDT 2008
James A. Donald wrote:
>> If one wants to use capabilities to do what ACLs do,
>> no doubt one needs persistent capabilities, but even
>> if this is a sane thing to do, one still winds up
>> with the same old problems of ACLs.
David-Sarah Hopwood wrote:
> This argument seems entirely backwards to me. If you
> want to represent the long-term protection state of a
> system using capabilities,
Perhaps I have failed to clearly express my argument:
To the extent that we want the user to manage the
protection state of the system, we want the state to
behave in accordance with the users expectations, we
want it to ensure that software must behave as the user
expects, rather than deciding how it should behave, and
then telling the user that is what he should expect.
Persistent capabilities, like ACLs, require management
which users are disinclined to give, and perhaps
incapable of giving.
> Otherwise the long-term protection state will have to
> use some other access control model, such as ACLs.
No doubt. But if we are reproducing the same old
behavior, leading to the same old problems, I do not
much care what access control model we use.
More information about the cap-talk
mailing list