Re: secure exec

[Marcus Brinkmann]

On Fri, May 23, 2003 at 09:14:13AM +0200, Niels Möller wrote:
> >       16 bits refcount - 2 unused bits - 14 bits task ID
> 
> I'm not sure I understand what these refcounts are, I think it is
> simpler for the task server (or any server, for that matter), if a
> single task can't have several copies of the same handle. I think I'd
> prefer to let each task have zero or one reference handles and zero or
> one control handles to any given task.

I thought so, too, but I decided that it is just too awkward to let the
tasks alone with keeping track of this, and once I realized that refcounts
would not take up any extra space in the task server because the task ID is
restricted to only half of the world, I decided that ref counting would be
in.

I don't disagree with your principle of staying simple, but I think that
you have a bit too tight focus on the task server and forget that we also
have to write the rest of the system ;)

> If the owner wants to believe it can have multiple copies, then the
> owner should do the reference counting himself. The general principle
> is that a server should not do work that the client could do by
> himself, right?

The general principle is that it is stupid if we write the task server in a
way that will make it much harder for us (the very same people!) to write
the rest of the system.  The principle as you worded it is fine if you only
have to care about the one side of the issue.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    address@hidden
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/