tech-kern archive
Re: Capsicum: practical capabilities for UNIX
On Tue, 28 Sep 2010 09:33:33 BST Robert Watson
<robert.watson%cl.cam.ac.uk@localhost> wrote:
> About ten years ago, I experimented with delegating UNIX privileges using file
> descriptors ("tokens"), but wasn't satisfied with the composition properties,
> so didn't reuse the idea in Capsicum. In particular, the existing file
> descriptor behaviour of UNIX seems to align well with capability concepts in a
> way likely to work well with current applications (not a coincidence, of
> course, but hence using that as the starting point in Capsicum), whereas many
> existing UNIX programs have strong notions of manipulating privilege using
> UIDs rather than as file rights. While it seemed that correct usage was
> likely possible, the potential for something catastrophic was worrying.
To me the notions of file descriptors and capabilities align
so well that I would've considered mapping UIDs into this
scheme somehow. Did you consider something like that?
Mapping UIDs to a userfs or even a special kind of pre-opened
"file" descriptors?
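The quoted point that UNIX file descriptors already behave like capabilities can be seen with plain POSIX calls. The following is an added example, not code from the thread or from Capsicum: it opens a file, unlinks its path so by-name (ambient) access disappears, and shows that the held descriptor still carries the right to read. It uses no Capsicum calls (cap_enter, cap_rights_limit), only portable file operations; the temp-file path and payload are constructed for the demo.

```c
/* Added example: a held file descriptor as an unforgeable right that
 * outlives the name lookup which produced it. Portable POSIX only. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Outcome of each step, so a caller can check them individually. */
struct fd_demo {
    int held_fd_readable;  /* 1 if the pre-opened descriptor still reads */
    int reopen_by_name_ok; /* 1 if a fresh open(2) of the path succeeded */
    char data[32];         /* bytes read back through the held descriptor */
};

/* Writes `payload` to a constructed temp file, opens it read-only,
 * unlinks the path, then compares access via the held fd and via the name.
 * Returns 0 on success, -1 if the setup itself failed. */
int fd_capability_demo(const char *payload, struct fd_demo *out)
{
    char path[] = "/tmp/capdemo.XXXXXX";   /* constructed sample path */
    int wfd = mkstemp(path);
    if (wfd < 0) return -1;
    if (write(wfd, payload, strlen(payload)) < 0) {
        close(wfd); unlink(path); return -1;
    }
    close(wfd);

    int fd = open(path, O_RDONLY);         /* the held right ("capability") */
    if (fd < 0) { unlink(path); return -1; }

    /* Remove the name: by-path access is gone for everyone ... */
    unlink(path);
    int again = open(path, O_RDONLY);
    out->reopen_by_name_ok = again >= 0;
    if (again >= 0) close(again);

    /* ... but the descriptor obtained earlier is still usable. */
    memset(out->data, 0, sizeof out->data);
    ssize_t n = read(fd, out->data, sizeof out->data - 1);
    out->held_fd_readable = n > 0;
    close(fd);
    return 0;
}

int main(void)
{
    struct fd_demo d;
    if (fd_capability_demo("hello", &d) != 0) return 1;
    printf("held fd readable: %d, reopen by name: %d, data: %s\n",
           d.held_fd_readable, d.reopen_by_name_ok, d.data);
    return 0;
}
```

The same descriptor could be passed to another process over a UNIX socket, which is the delegation step Capsicum builds on; a UID, by contrast, has no such object to hand over.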