[cap-talk] A Taxonomy of Current Object-Cap Systems

Rob Meijer capibara at xs4all.nl
Thu Mar 5 23:45:42 EST 2009


On Thu, March 5, 2009 23:15, Charles Landau wrote:
> Mark Seaborn wrote:
>> Are you only considering pure capability systems?  Unix file
>> descriptors, and in particular Unix domain sockets could go on the
>> list.  The comparison would be useful, considering that sockets are
>> connection-based (unlike EROS/CapROS/Coyotos and typical
>> language-based objects) and often not message-based.
>
> I don't see the distinction. EROS/CapROS/Coyotos capabilities can be to
> objects that represent a session or connection.
>
> Rob Meijer wrote:
>> In my view UNIX domain sockets when used for IPC have all the properties
>> needed to be considered object capabilities.  IMHO to turn a multi process
>> application using UNIX domain sockets for IPC into an object capability
>> system, all what is needed is to take away everything that could be
>> considered to be ambient authority.
>
> AFAIK it's not possible to send a socket through a pipe. That would
> either disqualify them, or call for another taxon: whether capabilities
> can be sent in messages.

File descriptors can be passed between processes across Unix domain
sockets using the sendmsg() system call. AFAIK 'ANY' socket IS a file
descriptor.
If capabilities cannot be sent in messages, on what ground could you
still consider them capabilities?

Rob
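The sendmsg() descriptor passing referred to above, as an added example that is not part of the list thread: one process hands the write end of a pipe across a socketpair as an SCM_RIGHTS ancillary message, and the receiver gets a fresh descriptor number that names the same open pipe (the sender keeps its own copy). It assumes Linux/glibc; the function names `send_fd`, `recv_fd` and `demo_pass_pipe_end` are my own.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Send open descriptor `fd` over Unix domain socket `sock` as an SCM_RIGHTS
 * ancillary message; the kernel installs a copy in the receiver's fd table. */
static int send_fd(int sock, int fd) {
    char byte = 'F';                 /* at least one byte of data is required */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    memset(cbuf, 0, sizeof cbuf);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns its number in this process, or -1. */
static int recv_fd(int sock) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Pass a pipe's write end across a socketpair, write through the received
 * copy and read it back from the pipe. Returns 0 if "hi" round-trips. */
int demo_pass_pipe_end(void) {
    int sp[2], pp[2];
    char out[3] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || pipe(pp)) return -1;
    if (send_fd(sp[0], pp[1])) return -1;
    int got = recv_fd(sp[1]);        /* a new fd naming the same pipe */
    if (got < 0 || got == pp[1]) return -1;
    close(pp[1]);                    /* the copy keeps the pipe alive */
    if (write(got, "hi", 2) != 2 || read(pp[0], out, 2) != 2) return -1;
    close(got); close(pp[0]); close(sp[0]); close(sp[1]);
    return strcmp(out, "hi") == 0 ? 0 : -1;
}
```

Only a descriptor already held by the sender can be transferred this way, which is the property that makes it a capability hand-off rather than an ambient lookup by name.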