[cap-talk] Cap OS question
Charles Landau
clandau at macslab.com
Thu Sep 3 12:58:34 PDT 2009
On 8/2/09 Ben Kloosterman wrote:
>> On Mon, Aug 03, 2009 at 12:36:21AM +0800, Ben Kloosterman wrote:
>>> 2) How to handle the access rights and where does the logic go. In the
>>> capability?
>> Access rights belong in the object the capability points to.
>
> Very interesting. This basically adds the requirement that each such
> object has only one set of access rights.

LOGICALLY, this is correct, and agrees with the definition of object in
MarkM's thesis (http://erights.org/talks/thesis/).

HOWEVER, an object, under this definition, does not equate to a single
area of memory containing the object's implementation. The memory that
implements an object may be located partly in the same area that
implements capabilities to the object.

To state it plainly, bits representing access rights are often stored
with the capability.

> How do you handle a Process
> object in terms of the Process itself and a separate read only version.

Think of this as two objects: a read-write object, and a read-only
object. These two objects share the mutable state of the Process. A
capability to the read-write object is implemented as a bit indicating
read-write access, and a pointer (reference) to the shared state of the
Process. A capability to the read-only object is implemented as a bit
indicating read-only access, and a pointer (reference) to the shared state.
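
Added example, not part of the original message or of any system discussed on the list: a C sketch of the layout described above, with a rights bit stored in each capability and both capabilities referring to the same Process state. All names are hypothetical, and it assumes capabilities live in kernel-protected storage so a holder cannot change the bit itself.

```c
#include <stddef.h>
#include <stdint.h>

/* All names are hypothetical; not taken from any real kernel. */
enum { CAP_RO = 0, CAP_RW = 1 };       /* the access-rights bit */
enum { CAP_OK = 0, CAP_DENIED = -1 };

/* Mutable state of the Process, shared by both logical objects. */
struct process_state { uint32_t priority; };

/* A capability: rights bit stored beside the reference to shared state. */
struct capability {
    unsigned rights;
    struct process_state *state;
};

/* Mint the read-write capability (in a real system, only the kernel can). */
struct capability cap_mint_rw(struct process_state *s) {
    struct capability c = { CAP_RW, s };
    return c;
}

/* Derive the read-only capability: same state pointer, weaker bit.
   No function exists that turns CAP_RO back into CAP_RW. */
struct capability cap_weaken(struct capability c) {
    c.rights = CAP_RO;
    return c;
}

/* Reading is allowed through either capability. */
int proc_get_priority(struct capability c, uint32_t *out) {
    if (c.state == NULL || out == NULL) return CAP_DENIED;
    *out = c.state->priority;
    return CAP_OK;
}

/* Writing is checked against the bit carried in the capability. */
int proc_set_priority(struct capability c, uint32_t value) {
    if (c.state == NULL || c.rights != CAP_RW) return CAP_DENIED;
    c.state->priority = value;
    return CAP_OK;
}

int main(void) {
    struct process_state p = { 5 };
    struct capability rw = cap_mint_rw(&p), ro = cap_weaken(rw);
    int w = proc_set_priority(ro, 1);   /* denied; p.priority unchanged */
    return (w == CAP_DENIED && proc_set_priority(rw, 9) == CAP_OK) ? 0 : 1;
}
```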