[cap-talk] Concerning entry "ambient authority" in Wikipedia
David-Sarah Hopwood
david-sarah at jacaranda.org
Wed Jun 10 20:16:47 EDT 2009
Rob Meijer wrote:
> On Wed, June 10, 2009 23:02, David-Sarah Hopwood wrote:
>
>> However, an instance of a Unix system that is not *in fact* intercepting
>> kernel calls in such a way as to implement capability rules -- even if the
>> facilities to do so are in principle available -- is not a capability
>> system, and in that case its authorities are not being accessed via
>> capabilities.
>
> Clear, a UNIX system not using ptrace or some LSM is not a capability and
> a UNIX system that completely does and everywhere follows capability rules
> is.
>
> But how about the gray area where a relatively basic UNIX/Linux
> distribution is run for the most part running all the basic processes
> that come with most UNIX systems run without regard to capability rules,
> but ONLY server processes and related processes are confined to capability
> rules by that available facility?
That's a hybrid system, and can easily be described as such. There is no
need to get tied up in knots trying to decide whether it is or isn't a
capability system -- if it would be an oversimplification to describe it
either way, then don't. Instead describe how it is like a capability system
and how it isn't.
(We could make an analogy here with all kinds of other categories that are
often perceived as having a small number of alternatives, such as gender for
instance, but that would probably be drifting too far off-topic.)
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com