l4-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Perils of Pluggability (was: capability authentication)

From: Bas Wijnen
Subject: Re: The Perils of Pluggability (was: capability authentication)
Date: Wed, 12 Oct 2005 09:46:55 +0200
User-agent: Mutt/1.5.11 
On Wed, Oct 12, 2005 at 12:25:44AM -0700, Jun Inoue wrote:
> > Well, given the fact that you cannot get a capability back when you've
> > dropped it, you're going to have to drop things you don't want to use, not
> > "drop everything, pick up what you still need".
> > 
> > Of course, this should be done by specifying what you want to keep, not
> > what you want to drop.
> 
> Wouldn't "drop everything, pick up what you need" be more natural?
> If I understood it correctly, processes in general can be and are
> created with an initial set of capabilities supplied by the parent (and
> nothing else). Then in the "confined plugin" case, the plugin process
> can be started with none of the parent's capability.  Except the parent
> gives to the child, as the initial set of caps, what the parent thinks
> the child needs.

That sounds even better, and shouldn't be a problem to implement.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

Attachment: signature.asc
Description: Digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]