DragonFly BSD
DragonFly kernel List (threaded) for 2006-07

Re: ACL vs Capability


From: "Thomas E. Spanjaard" <tgen@xxxxxxxxxxxxx>
Date: Mon, 03 Jul 2006 18:36:58 +0000

TongKe Xue wrote:
> Thomas E. Spanjaard wrote:
>> The granularity of capabilities is actually per 'object', not per process necessarily. You can control virtual memory mappings with capabilities too, and that's far more fine-grained than just per process (which would result in an 'everything-or-nothing' approach because of per process capabilities).
> When a process P wants access to an object O, ACLs look at the user who P is executing as and decide whether to grant access. Capabilities, on the other hand, will make the decision based on P instead. Correct? I don't understand the virtual memory example.

Actually, capabilities check whether the entity that wants access to object O has a capability for the type of access to this particular object. It doesn't have to be a process per se to have capabilities to an object; other 'entities' in the 'universe' can as well (threads, light-weight processes, users, network connections, etc.). What I meant with virtual memory is that when, for example, entity E has a read capability for object O, then the memory object O is residing in is mapped as read-only into the virtual memory space of entity E. Of course, entity E has to be in PL > 0, otherwise it could work around the kernel capability check and memory manager :).


Cheers,
--
        Thomas E. Spanjaard
        tgen@xxxxxxxxxxxxx

Attachment: signature.asc
Description: OpenPGP digital signature


