Re: The Perils of Pluggability (was: capability authentication)

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Perils of Pluggability (was: capability authentication)

From:	Jonathan S. Shapiro
Subject:	Re: The Perils of Pluggability (was: capability authentication)
Date:	Wed, 12 Oct 2005 03:54:48 -0400

On Wed, 2005-10-12 at 00:25 -0700, Jun Inoue wrote:

> Wouldn't "drop everything, pick up what you need" be more natural?
> If I understood it correctly, processes in general can be and are
> created with an initial set of capabilities supplied by the parent (and
> nothing else). Then in the "confined plugin" case, the plugin process
> can be started with none of the parent's capability.  Except the parent
> gives to the child, as the initial set of caps, what the parent thinks
> the child needs.

Yes. In EROS, when a constructor is run to create a new process, there
are no capabilities inherited by default -- this isn't a fork()
operation. The only capabilities that go to the new process are:

  1. Those provided by the "parent" through RPCs
  2. Those provided by the constructor.

shap

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Capability authentication, ness, 2005/10/09
- The Perils of Pluggability (was: capability authentication), Jonathan S. Shapiro, 2005/10/09
  - Re: The Perils of Pluggability (was: capability authentication), Bas Wijnen, 2005/10/10
    - Re: The Perils of Pluggability (was: capability authentication), Jonathan S. Shapiro, 2005/10/10
    - Re: The Perils of Pluggability (was: capability authentication), Bas Wijnen, 2005/10/11
    - Re: The Perils of Pluggability (was: capability authentication), Jonathan S. Shapiro, 2005/10/11
    - Re: The Perils of Pluggability (was: capability authentication), Bas Wijnen, 2005/10/11
    - Re: The Perils of Pluggability (was: capability authentication), Jun Inoue, 2005/10/12
    - Re: The Perils of Pluggability (was: capability authentication), Bas Wijnen, 2005/10/12
    - Re: The Perils of Pluggability (was: capability authentication), Jonathan S. Shapiro <=
    - instance and instantiator, Neal H. Walfield, 2005/10/13
    - Re: instance and instantiator, Jonathan S. Shapiro, 2005/10/13
    - Re: instance and instantiator, Marcus Brinkmann, 2005/10/13
    - Re: instance and instantiator, Jonathan S. Shapiro, 2005/10/13
  - Re: The Perils of Pluggability, Ludovic Courtès, 2005/10/10
    - Re: The Perils of Pluggability, Jonathan S. Shapiro, 2005/10/10
    - Re: The Perils of Pluggability, Ludovic Courtès, 2005/10/10
    - Re: The Perils of Pluggability, Jonathan S. Shapiro, 2005/10/10
    - Re: The Perils of Pluggability, Alfred M. Szmidt, 2005/10/11
    - Re: The Perils of Pluggability, Alfred M. Szmidt, 2005/10/10

Prev by Date: Re: The Perils of Pluggability (was: capability authentication)
Next by Date: Re: Using Hurd features (was: Re: Hurdish applications for persistence)
Previous by thread: Re: The Perils of Pluggability (was: capability authentication)
Next by thread: instance and instantiator
Index(es):
- Date
- Thread