OSDev.org

The Place to Start for Operating System Developers
It is currently Thu Mar 28, 2024 6:18 am

All times are UTC - 6 hours




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Capabiliities
PostPosted: Sun Nov 01, 2020 10:44 am 
Offline
Member
Member

Joined: Fri Nov 22, 2019 5:46 am
Posts: 590
OK, we have discussed capabilities here:
viewtopic.php?f=15&t=37387
viewtopic.php?f=15&t=36596

But I still don't know why access control lists aren't capabilities.

And is there a simple pseudo-code algorithm for managing capabilities?

Greetings
Peter


Top
 Profile  
 
 Post subject: Re: Capabiliities
PostPosted: Sun Nov 01, 2020 10:46 am 
Offline
Member
Member

Joined: Thu May 17, 2007 1:27 pm
Posts: 999
Responding to Schol-R-LEA here: you are of course correct that ACLs (and UNIX permissions) are an entirely different model than capabilities. I should have expressed my point more clearly: the file descriptor is a capability, the file on the file system is not! In UNIX, there are no ACL checks on file descriptors. If you have the file descriptor, you have the right to access the corresponding resource (and that's exactly the definition of a capability - a handle that allows access to a resource).

EDIT, @PeterX: in a capability-based system, you can access a resource whenever you have a handle to it. In a ACL-based design, on the other hand, you perform a permission check before accessing the resource.

_________________
managarm: Microkernel-based OS capable of running a Wayland desktop (Discord: https://discord.gg/7WB6Ur3). My OS-dev projects: [mlibc: Portable C library for managarm, qword, Linux, Sigma, ...] [LAI: AML interpreter] [xbstrap: Build system for OS distributions].


Top
 Profile  
 
 Post subject: Re: Capabiliities
PostPosted: Sun Nov 01, 2020 11:31 am 
Offline
Member
Member

Joined: Fri Nov 22, 2019 5:46 am
Posts: 590
Korona wrote:
EDIT, @PeterX: in a capability-based system, you can access a resource whenever you have a handle to it. In a ACL-based design, on the other hand, you perform a permission check before accessing the resource.

Ah, ok. Thanks.

So a capability is like a handle or (file) descriptor or maybe like a key.

And ACL is the bigger brother of file permissions, I guess.

And a C-list is simply an number-index referring to capabilities, do I understand that right?
https://en.wikipedia.org/wiki/C-list_(computer_security)

Greetings
Peter


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 24 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group