[cap-talk] Cap OS question
Sam Mason
sam at samason.me.uk
Sun Aug 2 11:18:52 EDT 2009
On Sat, Aug 01, 2009 at 11:58:39AM +0800, Ben Kloosterman wrote:
> By managed OS I mean strongly typed with Garbage collection even for the
> kernel. Everything runs in the same priv ring in a shared address space.
> The compiler ensures all references are valid. Note all code is compiled to
> native instructions during installation of an application.
If this is true then I think it would be easiest for a capability just
to be a normal reference to an object. I've never used .NET or C#
(not even sure what to call the various parts), but "unsafe" pointers
would seem to be an easy way to break this system and should be limited
somehow.
In an object-capability system (as the members of this list would know
it) the only way for things to interact is by invoking capabilities
(i.e. calling a method on an object) and security is enforced by not
allowing sensitive capabilities (references to objects for you) to fall
into the "wrong" hands.
Not sure how any of that relates to your understanding so far.
--
Sam http://samason.me.uk/
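The two points in the reply above, that in a type-safe managed system a capability can simply be an object reference, and that an "unsafe" pointer is an easy way to break that, illustrated with an added example that is not from the original message or from the managed OS being discussed. Go stands in for the managed language (garbage-collected, type-checked, with an `unsafe` escape hatch); the `File` object, the read-only facet and the sample contents are all constructed for the illustration:

```go
package main

import (
	"fmt"
	"reflect"
	"unsafe"
)

// File stands in for any sensitive kernel object (constructed for this
// example). With no separate address spaces or privilege rings, holding
// a *File IS the authority to use it; nothing can conjure one from a name.
type File struct {
	data []byte
}

func NewFile(data []byte) *File {
	return &File{data: append([]byte(nil), data...)}
}

func (f *File) Read() []byte   { return append([]byte(nil), f.data...) }
func (f *File) Write(b []byte) { f.data = append([]byte(nil), b...) }

// Reader is the attenuated capability handed to less-trusted code.
type Reader interface {
	Read() []byte
}

// readOnly is a facet: it keeps the full *File in an unexported field and
// forwards only Read. Under the type system the holder can read but never
// write, and has no way to name the underlying *File.
type readOnly struct {
	f *File
}

func (r *readOnly) Read() []byte { return r.f.Read() }

// ReadOnlyFacet attenuates a *File to a read-only capability.
func ReadOnlyFacet(f *File) Reader { return &readOnly{f: f} }

// CanWrite reports whether a value carries write authority. The safe way to
// "check" a capability is to ask whether it has the method; a readOnly facet
// does not, even under dynamic type probing.
func CanWrite(v interface{}) bool {
	_, ok := v.(interface{ Write([]byte) })
	return ok
}

// ForgeFileFromFacet is the break the reply warns about. reflect alone can
// see the unexported field but refuses to hand over its value; the unsafe
// package removes that last check and yields the full *File. Any code that
// may use unsafe can thus escalate a read facet to full access, which is why
// such pointers have to be limited for references to work as capabilities.
func ForgeFileFromFacet(r Reader) (*File, bool) {
	v := reflect.ValueOf(r)
	if v.Kind() != reflect.Ptr || v.Elem().Kind() != reflect.Struct {
		return nil, false
	}
	s := v.Elem() // addressable, so its fields have addresses
	fileType := reflect.TypeOf((*File)(nil))
	for i := 0; i < s.NumField(); i++ {
		fld := s.Field(i)
		if fld.Type() != fileType {
			continue
		}
		// Re-derive a Value at the same address without the read-only flag.
		forged := reflect.NewAt(fld.Type(), unsafe.Pointer(fld.UnsafeAddr())).Elem()
		return forged.Interface().(*File), true
	}
	return nil, false
}

func main() {
	secret := NewFile([]byte("root:x:0:0")) // constructed sample contents
	facet := ReadOnlyFacet(secret)

	fmt.Printf("facet reads %q, can write: %v\n", facet.Read(), CanWrite(facet))

	if forged, ok := ForgeFileFromFacet(facet); ok {
		forged.Write([]byte("tampered"))
		fmt.Printf("after unsafe forgery the facet reads %q\n", facet.Read())
	}
}
```

The facet is the capability-discipline half: authority is reduced by handing out a reference to a wrapper, not by checking an identity at the call site. The forgery is the counterpoint: once a component may take raw addresses, the compiler's guarantee that "every reference is valid" no longer limits which references it holds, so a managed OS has to confine unsafe code (or forbid it in third-party applications) for references to serve as capabilities.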