[cap-talk] More Heresy: ACLs not inherently bad
toby.murray at comlab.ox.ac.uk
Thu Sep 11 06:41:01 CDT 2008
On Thu, 2008-09-11 at 05:47 -0400, Jonathan S. Shapiro wrote:
> The performance issue is that building a per-exec custom directory
> potentially containing thousands of entries is prohibitive. This
> certainly would not work in KeyKOS either.
I'm having trouble visualising this problem.

The directory tree visible to a program can be thought of as the
namespace in which the program operates.

Most programs assume a fixed namespace and are not written to handle
arbitrary namespaces. The namespace in which a program expects to be
brought to life is akin to a calling convention, no? These are generally
very fixed. These are usually fixed at install time. Hence, there is no
performance issue because the namespace is not built "per exec" but "per

Hence, before worrying about the creation of arbitrary namespaces for
"per exec" for programs, I'd like to see an example program that expects
such a namespace, in order to demonstrate that this problem is real.

Programs expecting arbitrary namespaces (such as virus scanners and
search tools) are generally given read-only access to the user's entire
namespace, avoiding this problem.

I'm yet to be convinced that this is a real problem and can't quite see
what the fuss is about. I'm hoping Jonathan can expand further on this
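The model argued for above (a program's namespace fixed once at install time and merely handed over at exec, with whole-namespace programs such as scanners given a read-only view) as an added toy illustration that is not code from this thread or from any capability system; the classes `File` and `FileCap`, the functions `install`, `exec_program` and `read_only_view`, and the sample files are all assumptions made for the example:

```python
# Added toy model, not code from the cap-talk thread; every name below (File,
# FileCap, install, exec_program, read_only_view, sample files) is assumed.
from types import MappingProxyType

class File:
    """The object behind a name; shared by every capability to it."""
    def __init__(self, data):
        self.data = data

class FileCap:
    """Capability to one File, carrying the rights it confers."""
    def __init__(self, f, writable):
        self._f, self.writable = f, writable

    def read(self):
        return self._f.data

    def write(self, data):
        if not self.writable:
            raise PermissionError("read-only capability")
        self._f.data = data

    def read_only(self):
        """Attenuate: same File, write right dropped."""
        return FileCap(self._f, writable=False)

def install(program_needs, user_ns):
    """Install time: build, once, the fixed namespace the program's
    'calling convention' names; anything it never named is absent."""
    return MappingProxyType({n: user_ns[n] for n in program_needs})

def exec_program(program, ns):
    """Exec time: hand over the prebuilt namespace; nothing is built here."""
    return program(ns)

def read_only_view(user_ns):
    """For programs that need the whole namespace (scanners, search tools):
    every entry, attenuated to read-only."""
    return MappingProxyType({n: c.read_only() for n, c in user_ns.items()})

USER_NS = {n: FileCap(File(d), writable=True) for n, d in   # constructed sample
           {"notes.txt": "todo", "secrets.txt": "hunter2", "photo.jpg": "<jpeg>"}.items()}

def editor(ns):    # fixed namespace: expects exactly one entry, by name
    ns["notes.txt"].write(ns["notes.txt"].read() + ", buy milk")
    return sorted(ns)

def scanner(ns):   # arbitrary namespace: walks every entry, reads only
    return {n: len(c.read()) for n, c in ns.items()}
```

The editor's namespace never contains `secrets.txt` at all, while the scanner sees every name but holds only attenuated capabilities, so a write through its view raises `PermissionError`.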