[cap-talk] More Heresey: ACLs not inherently bad
Jonathan S. Shapiro
shap at eros-os.com
Mon Sep 1 12:55:31 CDT 2008
On Sat, 2008-08-30 at 20:51 -0700, ihab.awad at gmail.com wrote:
> On Sat, Aug 30, 2008 at 6:54 PM, Jonathan S. Shapiro <shap at eros-os.com> wrote:
> > It is very easy in a capability system to transfer O(1) authorities. But
> > once you get much above that you find that you need to introduce some
> > form of namespace for the capabilities being transferred. This is, in
> > essence, a file system. If you want to transfer the entire file system
> > then we are back to the O(1) simple case. Unfortunately, if you want to
> > transfer some subset of a large collection, you are forced to
> > dynamically build a large collection.
>
> If one were to model each transfer of control (e.g., forking) as a
> procedure call, the question boils down to asking, how does one pass a
> bunch of parameters? One encounters this problem in software
> engineering all the time. There are two points to consider --
I understand what you are saying, but neither of these issues in an way
difficult.
The real issue is that the kinds of things that we generally forget are
actually parameters: like the space of dynamic libraries...
shap
More information about the cap-talk
mailing list