[cap-talk] Capability essence (was: Re: A Taxonomy of Current Object-Cap Systems)

Jed Donnelley capability at webstart.com
Fri Mar 6 02:37:29 EST 2009


At 02:24 PM 3/5/2009, Mark Miller wrote:
>On Thu, Mar 5, 2009 at 2:15 PM, Charles Landau <clandau at macslab.com> wrote:
>...
> > AFAIK it's not possible to send a socket through a pipe. That would
> > either disqualify them, or call for another taxon: whether capabilities
> > can be sent in messages.
>
>If a capability cannot be sent in a message, then the system isn't an
>object-capability system. That's why I drew such attention to the
>Granovetter diagram.

I hope we can all agree on the above.  A facility for communicating
capabilities in messages is the one absolutely fundamental and
mandatory aspect of any "capability" system, even beyond strictly
object-capability systems as with capabilities as data.  Capability
systems are first and foremost capability communication systems.

If there is any disagreement on the above I'd certainly like to
hear it.

At 08:45 PM 3/5/2009, Rob Meijer wrote:
>...
> > AFAIK it's not possible to send a socket through a pipe. That would
> > either disqualify them, or call for another taxon: whether capabilities
> > can be sent in messages.
>
>File descriptors can be passed between processes across Unix domain
>sockets using the sendmsg() system call. AFAIK 'ÁNY' socket IS a file
>descriptor.

About the above I don't know and won't 
comment.  However, this I certainly second:

>If capabilities can not be sent in messages, on what ground could you
>still consider them capabilities ?


--Jed  http://www.webstart.com/jed-signature.html  



More information about the cap-talk mailing list