ACL vs Capability
Thomas E. Spanjaard
tgen at netphreax.net
Mon Jul 3 11:43:27 PDT 2006
TongKe Xue wrote:
> Thomas E. Spanjaard wrote:
>> The granularity of capabilities is actually per 'object', not per
>> process necessarily. You can control virtual memory mappings with
>> capabilities too, and that's far more fine-grained than just per
>> process (which would result in an 'everything-or-nothing' approach
>> because of per process capabilities).
>
> When a process P wants an access to an object O, ACL's look at the user
> who P is executing as and decide whether to grant access. Capabilities
> on the other hand, will make the decision based on P instead. Correct? I
> don't understand the virtual memory example.

Actually, capabilities check whether the entity that wants access to
object O has a capability for the type of access to this particular
object. It doesn't have to be a process per se to have capabilities to
an object, other 'entities' in the 'universe' can as well (threads,
light-weight processes, users, network connections, etc). What I meant
with virtual memory, is that when for example entity E has a read
capability for object O, then the memory object O is residing in is
mapped as read-only into the virtual memory space of entity E. Of course
entity E has to be in PL > 0, otherwise it could work around the kernel
capability check and memory manager :).
Cheers,
--
Thomas E. Spanjaard
tgen at xxxxxxxxxxxxx
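
Added example, not part of the original message and not DragonFly kernel code: a small C model of the two checks discussed above, and of how a read capability becomes a read-only mapping. All struct and function names, the RIGHT_* flags and the sample entities are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>

enum { RIGHT_READ = 1, RIGHT_WRITE = 2 };            /* hypothetical access types */

struct cap       { int object; unsigned rights; };   /* token: object + access types */
struct acl_entry { int uid;    unsigned rights; };
struct entity    { int uid; const struct cap *caps; size_t ncaps; };
struct object    { int id;  const struct acl_entry *acl; size_t nacl; };

/* ACL model: the decision is keyed on the user the entity runs as. */
int acl_allows(const struct object *o, const struct entity *e, unsigned want)
{
    for (size_t i = 0; i < o->nacl; i++)
        if (o->acl[i].uid == e->uid)
            return (o->acl[i].rights & want) == want;
    return 0;
}

/* Capability model: the rights this entity itself holds for this object. */
unsigned cap_rights(const struct entity *e, const struct object *o)
{
    unsigned r = 0;
    for (size_t i = 0; i < e->ncaps; i++)
        if (e->caps[i].object == o->id)
            r |= e->caps[i].rights;
    return r;
}

/* Protection a memory manager would use when mapping O into E's address space. */
int cap_to_prot(const struct entity *e, const struct object *o)
{
    unsigned r = cap_rights(e, o);
    int prot = PROT_NONE;
    if (r & RIGHT_READ)  prot |= PROT_READ;
    if (r & RIGHT_WRITE) prot |= PROT_WRITE;
    return prot;
}

/* Constructed sample: two entities under the same uid, one object. */
static const struct acl_entry acl7[] = { { 1000, RIGHT_READ | RIGHT_WRITE } };
static const struct object obj7     = { 7, acl7, 1 };
static const struct cap caps_a[]    = { { 7, RIGHT_READ } };
static const struct entity thread_a = { 1000, caps_a, 1 };  /* holds a read capability */
static const struct entity conn_b   = { 1000, NULL, 0 };    /* holds nothing */

int main(void)
{
    printf("ACL write: A=%d B=%d\n", acl_allows(&obj7, &thread_a, RIGHT_WRITE), acl_allows(&obj7, &conn_b, RIGHT_WRITE));
    printf("cap prot:  A=%d B=%d\n", cap_to_prot(&thread_a, &obj7), cap_to_prot(&conn_b, &obj7));
    return 0;
}
```

Both entities run as uid 1000, so the ACL answers identically for them, while the capability check yields a read-only mapping for one and no mapping for the other.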