Re: Why COPY != SIMULATED COPY
From: Jonathan S. Shapiro
Subject: Re: Why COPY != SIMULATED COPY
Date: Wed, 19 Oct 2005 14:58:10 -0400
On Wed, 2005-10-19 at 20:41 +0200, Espen Skoglund wrote:
> Just did a LITTLE thinking, and I have a question about what we REALLY
> want here: Do we really want what I just stated? Or in other words:
> Does B really want to trust the hierarchy between "Cap.1" and
> "Cap.1..x" to not perform any revocation?
>
> If the answer is NO then it seems to me that what we actually want is:
>
> "B has Cap.1.y"
>
> Comments?
Given a chain of cap transfers of the form

      ANY    ANY     RevCOPY     COPY
... S ---> T ---> A --------> B -----> C

We want it to be the case that
(1) C's capability gets revoked exactly when B's
capability gets revoked, and
(2) any revocation of A's capability causes the
capabilities held by B and C to be revoked also.
That is, we are trying to simulate the behavior of the obvious
kernel-implemented COPY operation. This definition of RevCOPY/COPY
composition is required if we are to preserve any possibility of
confinement.
B might overwrite its capability before the revoke occurs, and this
should not cause C's copy to disappear. That is: B and C hold co-equal
copies after the COPY operation.
shap
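The two revocation properties above, and the co-equal-copies point, as a small executable model. This is an added example written for this page, not code from the thread or from any of the kernels discussed on it. It assumes: a RevCOPY creates a new node in a derivation tree whose parent is the source capability's node (so revoking the source's derived copies, or any ancestor, invalidates it); a plain COPY hands out a reference to the very same node (co-equal copies); overwriting a slot only drops that process's reference and never revokes anything. The "ANY" transfers S->T and T->A are modelled as RevCOPY so that upstream revocation is visible; the process and slot names are hypothetical.

```python
"""Toy model of RevCOPY vs COPY revocation semantics (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CapNode:
    """One node in the capability derivation tree.

    A node is usable only while neither it nor any ancestor is revoked,
    so revoking a node takes down its whole subtree.
    """
    name: str
    parent: Optional["CapNode"] = None
    children: list = field(default_factory=list)
    revoked: bool = False

    def valid(self) -> bool:
        node: Optional[CapNode] = self
        while node is not None:
            if node.revoked:
                return False
            node = node.parent
        return True


class Process:
    """A process holding capabilities in named slots (hypothetical API)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.slots: dict[str, Optional[CapNode]] = {}

    def rev_copy(self, slot: str, dst: "Process", dst_slot: str) -> None:
        # RevCOPY: the destination gets a child node derived from ours.
        src = self.slots[slot]
        assert src is not None, "cannot copy an empty slot"
        child = CapNode(f"{dst.name}.{dst_slot}", parent=src)
        src.children.append(child)
        dst.slots[dst_slot] = child

    def copy(self, slot: str, dst: "Process", dst_slot: str) -> None:
        # COPY: the destination shares our node; the copies are co-equal.
        dst.slots[dst_slot] = self.slots[slot]

    def overwrite(self, slot: str, new: Optional[CapNode] = None) -> None:
        # Overwriting a slot drops only this process's reference.
        self.slots[slot] = new

    def revoke_derived(self, slot: str) -> None:
        # Revoke every RevCOPY made from this slot (and, transitively,
        # everything derived from those); our own capability survives.
        src = self.slots[slot]
        assert src is not None, "cannot revoke from an empty slot"
        for child in src.children:
            child.revoked = True

    def holds_valid(self, slot: str) -> bool:
        node = self.slots.get(slot)
        return node is not None and node.valid()


def build_chain() -> tuple[Process, ...]:
    """Build S ->ANY T ->ANY A ->RevCOPY B ->COPY C from the post."""
    s, t, a, b, c = (Process(n) for n in "STABC")
    s.slots["cap"] = CapNode("S.cap")
    s.rev_copy("cap", t, "cap")   # ANY, modelled as RevCOPY (assumption)
    t.rev_copy("cap", a, "cap")   # ANY, modelled as RevCOPY (assumption)
    a.rev_copy("cap", b, "cap")   # RevCOPY: B's cap derives from A's
    b.copy("cap", c, "cap")       # COPY: C shares B's node
    return s, t, a, b, c


def validity(procs: tuple[Process, ...]) -> dict[str, bool]:
    return {p.name: p.holds_valid("cap") for p in procs}


def revoke_from_a() -> dict[str, bool]:
    """Property (1)/(2): revoking A's derived copies hits B and C together."""
    procs = build_chain()
    procs[2].revoke_derived("cap")          # A revokes
    return validity(procs)


def revoke_from_t() -> dict[str, bool]:
    """Upstream revocation at T takes A, B and C down; S and T keep theirs."""
    procs = build_chain()
    procs[1].revoke_derived("cap")          # T revokes
    return validity(procs)


def b_overwrites_then_a_revokes() -> tuple[bool, bool]:
    """B overwriting its slot must not kill C; a later revoke by A still does."""
    s, t, a, b, c = build_chain()
    b.overwrite("cap")
    c_after_overwrite = c.holds_valid("cap")   # still True: co-equal copy
    a.revoke_derived("cap")
    c_after_revoke = c.holds_valid("cap")      # now False
    return c_after_overwrite, c_after_revoke


if __name__ == "__main__":
    print(revoke_from_a())
    print(revoke_from_t())
    print(b_overwrites_then_a_revokes())
```

The distinction the model makes visible is that a COPY must share the derivation node rather than create a new child of it: if C's copy were instead a child of B's node, then anything that happens only to B's slot (overwriting it) would be the wrong place to hang C's lifetime, whereas the post wants C to live and die exactly with the revocation that reaches B.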