[cap-talk] Petname definition: MinorCtkrFs, are these petnames?
Toby Murray
toby.murray at comlab.ox.ac.uk
Fri Jan 30 06:39:52 EST 2009
On Fri, 2009-01-30 at 11:54 +0100, Rob Meijer wrote:
> Creating a node (mknod) in the <ATTENUATION DIRECTORY NODE SPARSECAP>
> namespace creates both the new petname and the new capability.
> It is thus not possible to create more than one petname for the same
> capability if seen from that level of abstraction. But all capabilities
> within the <ATTENUATION DIRECTORY NODE SPARSECAP> namespace are in fact
> capabilities for attenuated proxied access to the exact same capability.
>
> That is, a process Alice with an unattenuated cap to some DirNode can use
> that cap to get the <ATTENUATION DIRECTORY NODE SPARSECAP> of that DirNode
> object. Within this attenuation directory, Alice could create two new
> nodes, one named 'ForBob' and one named 'ForCarol'. Alice could use chmod
> to pre-revoke some privileges and getxattr to get the capabilities that it
> could delegate to Bob and Carol. After delegation both Bob and Carol
> would have a capability giving them attenuated access to the DirNode, but
> both attenuations could be different in their privileges and could be
> revoked by Alice using the petnames independently.
These feel like petnames to me.
Cheers
Toby
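
The scheme Rob describes above can be modelled in memory. This is an added illustration, not code from either message or from MinorFs. The class name, the `revoke` and `invoke` methods, the permission names and the shrink-only `chmod` are assumptions made for the model; only the mknod/chmod/getxattr steps and the 'ForBob'/'ForCarol' petnames come from the post.

```python
import secrets

class AttenuationDir:
    """Toy model: each petname maps to one proxy capability for the same
    underlying DirNode (here just a dict), with its own permission set."""
    def __init__(self, entries):
        self._entries = entries  # the shared underlying object
        self._proxies = {}       # petname -> {"cap": str, "perms": set}
        self._by_cap = {}        # sparse cap -> petname

    def mknod(self, petname):
        # Creating the node creates the petname and the capability together,
        # so one capability never has two petnames at this level.
        if petname in self._proxies:
            raise FileExistsError(petname)
        cap = secrets.token_urlsafe(32)  # constructed unguessable sparse cap
        self._proxies[petname] = {"cap": cap, "perms": {"read", "write"}}
        self._by_cap[cap] = petname

    def chmod(self, petname, perms):
        # Pre-revoke privileges; modelling assumption: perms only shrink.
        self._proxies[petname]["perms"] &= set(perms)

    def getxattr(self, petname):
        # The capability string Alice hands to the delegate.
        return self._proxies[petname]["cap"]

    def revoke(self, petname):
        # Hypothetical name: removes one proxy, leaving the others intact.
        del self._by_cap[self._proxies.pop(petname)["cap"]]

    def invoke(self, cap, op, name, value=None):
        petname = self._by_cap.get(cap)
        if petname is None:
            raise PermissionError("revoked or unknown capability")
        if op not in self._proxies[petname]["perms"]:
            raise PermissionError(f"{op} not permitted for this capability")
        if op == "write":
            self._entries[name] = value
        return self._entries.get(name)

def demo():
    att = AttenuationDir({})
    att.mknod("ForBob")
    att.mknod("ForCarol")
    att.chmod("ForCarol", {"read"})           # Carol gets read-only access
    bob, carol = att.getxattr("ForBob"), att.getxattr("ForCarol")
    att.invoke(bob, "write", "notes", "hello")
    seen = att.invoke(carol, "read", "notes")  # same underlying object
    att.revoke("ForBob")                       # Carol's cap is unaffected
    return att, bob, carol, seen
```
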