[cap-talk] "ambient authority" on wiki.erights.org
Rob Meijer
capibara at xs4all.nl
Fri Jun 19 08:25:57 EDT 2009
On Fri, June 19, 2009 12:33, Sam Mason wrote:
> On Fri, Jun 19, 2009 at 08:34:06AM +0200, Rob Meijer wrote:
>> Now let's see if we reduce this further:
>>
>> class Copier {
>>     static FileObject sFileA;
>>     static setSourceFile(FileObject a) {
>>         sFileA=a;
>>     }
>>     void copy(FileObject fileb) {
>>         sFileA.seek(0);
>>         fileb.write(sFileA.read());
>>     }
>> }
>> main (FileObject a,FileObject b, FileObject c){
>>     Copier::setSourceFile(a);
>>     copy_from_a = new Copier();
>>     copy_from_a.copy(b);
>>     copy_from_a.copy(c);
>> }
>>
>> Yes, looks like it. We move the shared authority carrying state from
>> global scope to the copier static scope, and essentially all relevant
>> parts of the previous examples remain, we still have an example of
>> ambient authority.
>
> I'm confused as to the point of this example; are you saying that
> ambient authority exists or does not in this example?
>
> I'd say we do not as your FileObjects will contain authority information
> and hence the program can't "go wrong". It's obviously possible for
> it to contain a bug and try writing to a, but I'd expect this to fail
> because a would be opened for reading only.

The following shows how the ambient authority in the static class scope
could be a problem:

main (FileObject a,FileObject b, FileObject c){
    Copier::setSourceFile(a);
    copy_from_a = new Copier();
    ....
    Copier::setSourceFile(b);
    copy_from_b = new Copier();
    ....
    copy_from_a.copy(c);
}

Do you agree, given the above, that the example is an example of ambient
authority, just as much as the one before that is?

> --
> Sam http://samason.me.uk/
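
The retargeting shown in the second main() above, as an added C++ example that is not code from the thread: FileObject here is a constructed in-memory stand-in, and BoundCopier, runStatic and runBound are hypothetical names introduced for the comparison. It replays the call sequence against the static-scope Copier and against a variant where each instance is handed its own source reference.

```cpp
#include <iostream>
#include <string>

// Constructed in-memory stand-in for the thread's FileObject.
struct FileObject {
    std::string data;
    std::string read() const { return data; }
    void write(const std::string& s) { data = s; }
};

// Design from the thread: the source sits in static class scope, shared by all instances.
class StaticCopier {
    static FileObject* sFileA;
public:
    static void setSourceFile(FileObject& a) { sFileA = &a; }
    void copy(FileObject& dst) { dst.write(sFileA->read()); }
};
FileObject* StaticCopier::sFileA = nullptr;

// Hypothetical alternative: each instance holds only the source it was given.
class BoundCopier {
    FileObject& src;
public:
    explicit BoundCopier(FileObject& a) : src(a) {}
    void copy(FileObject& dst) { dst.write(src.read()); }
};

// Replays the second main() from the thread; returns what ends up in c.
std::string runStatic() {
    FileObject a{"contents of a"}, b{"contents of b"}, c{};
    StaticCopier::setSourceFile(a);
    StaticCopier copy_from_a;
    StaticCopier::setSourceFile(b);   // also retargets copy_from_a
    StaticCopier copy_from_b; (void)copy_from_b;
    copy_from_a.copy(c);              // name says a, data comes from b
    return c.data;
}

// Same sequence with per-instance sources; copy_from_b cannot affect copy_from_a.
std::string runBound() {
    FileObject a{"contents of a"}, b{"contents of b"}, c{};
    BoundCopier copy_from_a(a);
    BoundCopier copy_from_b(b); (void)copy_from_b;
    copy_from_a.copy(c);
    return c.data;
}

int main() {
    std::cout << "static: " << runStatic() << "\nbound: " << runBound() << "\n";
}
```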