l4-hurd

Re: cap exchange race with map/unmap


From: Jonathan S. Shapiro
Subject: Re: cap exchange race with map/unmap
Date: Tue, 18 Oct 2005 13:01:04 -0400

On Tue, 2005-10-18 at 14:55 +0100, Neal H. Walfield wrote:
> At Tue, 18 Oct 2005 08:42:55 -0400,
> Jonathan S. Shapiro wrote:
> > In order to implement the protocol that you describe, the cap server
> > requires:
> > 
> >   a) sufficient authority to inspect the content of every capability
> 
> I am not sure that this much authority is required depending on the
> design of the server.  (See below.)
> 
> >   b) sufficient authority to fabricate any capability (because it
> >      must be able to exchange any capability).
> 
> I take issue with the "any" qualifier here.  The cap server needs to
> be able to exchange any capability that it *manages*.

Please name a capability that does not require this management?

>   [I]f there was a system call which allowed the caller to check if a
>   mapping was derived from another mapping in the same address space,
>   then we can use that to "unroll" mapping loops like the one in the
>   first scenario, i.e. Server -> Client -> Server, or in the second,
>   i.e. Server -> Reference Counter -> Client A -> Client B ->
>   Reference Counter.[1]
> 
> The requirement is that capabilities which can be exchanged must be
> registered with a mutually trusted capability server.

I don't think that this is right. The capability server must have
sufficient authority to obtain a capability that will not be invalidated
when the process that instantiated the object exits.

shap
