[cap-talk] "ambient authority" on wiki.erights.org
Toby Murray
toby.murray at comlab.ox.ac.uk
Mon Jun 15 15:49:19 EDT 2009
On Mon, 2009-06-15 at 19:55 +0100, David-Sarah Hopwood wrote:
> Karp, Alan H wrote:
> > David-Sarah Hopwood wrote:
> >> The dereference of the static variable represents use of ambient authority.
> >>
> > No it doesn't. The object is referenced explicitly.
>
> The object dereferenced by name, from a global namespace (assuming
> we are considering global static variables), without specifying any
> additional permission that grants the authority to dereference this
> variable.
>
> There is no essential difference between this and the fopen+fread example:
> in both cases you have an ambient dereferencing operation, followed by a
> non-ambient use of the obtained reference.
But the authority used in the initial dereference is not ambient.
Whatever the name refers to you have the permission to access.
I agree with Alan. I'd see an "import <module>" as an ambient operation,
sure, but global variables are simply capabilities available in every
scope (like E's SafeScope or GlobalScope or whatever).
More information about the cap-talk
mailing list