[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Just a few questions
From: |
BVK Chaitanya |
Subject: |
Re: Just a few questions |
Date: |
Sun, 23 Oct 2005 15:33:29 +0530 |
User-agent: |
Mozilla Thunderbird 1.0.5 (X11/20050711) |
Hi justin,
Let me try to answer. Beware, i am a newbie. I am answering this
sothat someone will point errors in *my* understanding.
1) How can the a process/kernel know that a capability really is who/what it
says it is?
KERNEL: Kernel (should?) never know what really a capability can do. It
only knows about (1) which process has access to this capability? (2)
what kind of permissions a process has on this capability?
PROCESS: To know whether a capability is really what is says it is, a
process should perform 'Capability Authentication'. A process must
consult some *trusted* server processes to authenticate a capability.
2) How many capabilities can a capability have?
??? Do you mean - how many capabilities can a *process* have? A process
can have any number of capabilities it gets/creats, untill it runs out
of its capability-space.
??? Do you mean - how many *methods* can a capability have? It depends
on the interface that capability implements.
I dont understand your question properly.
E.G. A mouse pointer capability loaded from a somewhere or other that also (malevolently) has the capability programed in to write to the hard drive?? Whats to stop that happening?
If a process gets mouse pointer capability (say MPC), it shouldnt trust
MPC unless it passes 'capability authentication' phase. Capability
authentication guarantees that MPC you have is *really* *only* an MPC.
Is the user requested to give permission every time a particular I/O operation
takes place? What if you have connected a
file system ( maybe a floppy, CD ROM) and wish to copy some directories, will
it ask for permission on every object?
I dont understand this :(
3) Will L4 on Hurd be using a constructor capability?
It seems, this design/decision is not yet taken. I doubt, if Hurd goes
for EROS like constructors, Hurd/Mach servers need considerable changes.
Simply put - I dont know cleary.
4) Does L4 have the answers to some of the questions raised by a project like
Eros?
L4.sec might have.
Correct me!
-BVK Chaitanya.