[cap-talk] Reducing Ambient user authority in a Type Safe/Memory Safe OS.
Ben Kloosterman
bklooste at gmail.com
Thu Dec 17 15:27:02 PST 2009
>
>I missed responding to an important question:
>
>Ben Kloosterman wrote:
>> I'm no expert and still learning, but I can see how a file/Open and
>> setup/configure trusted dialogs can grant privilege, but I don't see
>> how you can do it without giving the user (Actor) carte blanche access
>> to the machine, which in some cases is not desirable.
>
>The file chooser powerbox only has to be trusted by the user; it's not
>part of the system TCB. Since it is only granted access to the user's
>namespace, it can only browse or delegate access to files and directories
>accessible from that namespace.
Thanks David, so indeed this is built on top of a User-Group-World set of rights and the capabilities are taken from this. I just termed this as escalating to "user" rights or escalating to "group" rights to receive the capability, and will look for a better term.
Regards,
Ben
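To make the point in David's reply concrete (the powerbox only needs the user's trust because the only authority it can hand out is authority it already holds, namely a capability to the user's namespace), here is an added toy model. It is not code from the cap-talk thread or from any real capability OS; the in-memory filesystem, the `DirCap`/`FileCap`/`Powerbox` classes and the sample paths are all constructed for illustration. Directory capabilities carry no parent link and reject `..` and absolute paths, so a powerbox holding Alice's home directory cannot reach, let alone delegate, anything outside it, and the application starts with no file authority at all.

```python
"""Toy model of a file-chooser powerbox confined to a user's namespace.

Added example, not code from the cap-talk thread or from a real OS.
All names and the in-memory filesystem below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Union


@dataclass
class FileCap:
    """Capability to one file: holding it is the only way to read it."""
    name: str
    _content: str = field(repr=False)

    def read(self) -> str:
        return self._content


@dataclass
class DirCap:
    """Capability to a directory subtree. There is no parent link, so
    holding a DirCap gives no way to name anything outside the subtree."""
    name: str
    _entries: Dict[str, Union["DirCap", FileCap]] = field(default_factory=dict, repr=False)

    def add(self, entry):
        self._entries[entry.name] = entry
        return entry

    def list(self) -> List[str]:
        return sorted(self._entries)

    def lookup(self, path: str):
        """Resolve a relative path within this subtree. Empty components
        (absolute paths), '.' and '..' are rejected: this capability simply
        cannot express them."""
        cap = self
        for part in path.split("/"):
            if part in ("", ".", ".."):
                raise PermissionError(f"{path!r}: not a name within this namespace")
            if not isinstance(cap, DirCap):
                raise PermissionError(f"{path!r}: not a directory")
            try:
                cap = cap._entries[part]
            except KeyError:
                raise PermissionError(f"{path!r}: no such entry here") from None
        return cap


class Powerbox:
    """Trusted only by the user: it holds the user's namespace capability
    and delegates a FileCap for whatever the user selects."""

    def __init__(self, user_namespace: DirCap):
        self._ns = user_namespace

    def choose_file(self, user_selection: str) -> FileCap:
        cap = self._ns.lookup(user_selection)
        if not isinstance(cap, FileCap):
            raise PermissionError(f"{user_selection!r} is not a file")
        return cap


class SandboxedApp:
    """Starts with zero file authority; it only holds what the powerbox hands over."""

    def __init__(self):
        self.received: List[FileCap] = []

    def open_via(self, powerbox: Powerbox, selection: str) -> str:
        cap = powerbox.choose_file(selection)
        self.received.append(cap)
        return cap.read()


def build_system():
    """Constructed sample machine: a system area plus one user's home."""
    root = DirCap("/")
    etc = root.add(DirCap("etc"))
    etc.add(FileCap("machine-secret", "system-wide secret"))
    home = root.add(DirCap("home"))
    alice = home.add(DirCap("alice"))
    alice.add(FileCap("notes.txt", "alice's notes"))
    return root, alice


def demo() -> Dict[str, str]:
    """Alice's powerbox is built from her home DirCap only; the root cap is
    never given to it. Returns what each selection resolved to."""
    _root, alice_ns = build_system()
    powerbox = Powerbox(alice_ns)
    app = SandboxedApp()
    outcomes = {"notes.txt": app.open_via(powerbox, "notes.txt")}
    # Selections that would name something outside Alice's namespace cannot
    # be resolved by a capability that does not include that namespace.
    for selection in ("../../etc/machine-secret", "/etc/machine-secret", "etc/machine-secret"):
        try:
            app.open_via(powerbox, selection)
            outcomes[selection] = "granted"
        except PermissionError:
            outcomes[selection] = "denied"
    return outcomes


if __name__ == "__main__":
    for selection, result in demo().items():
        print(f"{selection!r}: {result}")
```

The model shows why the powerbox is not part of the system TCB: a bug or compromise in it can at worst leak files Alice could already read, because it was never given a capability that reaches further. That is the "user rights" Ben describes, expressed as the capability the powerbox was constructed with rather than as an identity check on each access.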