Capabilities

Post by PeterX »

OK, we have discussed capabilities here:
viewtopic.php?f=15&t=37387
viewtopic.php?f=15&t=36596

But I still don't know why access control lists aren't capabilities.

And is there a simple pseudo-code algorithm for managing capabilities?

Greetings
Peter

Re: Capabilities

Post by Korona »

Responding to Schol-R-LEA here: you are of course correct that ACLs (and UNIX permissions) are an entirely different model than capabilities. I should have expressed my point more clearly: the file descriptor is a capability, the file on the file system is not! In UNIX, there are no ACL checks on file descriptors. If you have the file descriptor, you have the right to access the corresponding resource (and that's exactly the definition of a capability - a handle that allows access to a resource).

EDIT, @PeterX: in a capability-based system, you can access a resource whenever you have a handle to it. In an ACL-based design, on the other hand, you perform a permission check before accessing the resource.
managarm: Microkernel-based OS capable of running a Wayland desktop (Discord: https://discord.gg/7WB6Ur3). My OS-dev projects: [mlibc: Portable C library for managarm, qword, Linux, Sigma, ...] [LAI: AML interpreter] [xbstrap: Build system for OS distributions].

Re: Capabilities

Post by PeterX »

Korona wrote: EDIT, @PeterX: in a capability-based system, you can access a resource whenever you have a handle to it. In an ACL-based design, on the other hand, you perform a permission check before accessing the resource.
Ah, ok. Thanks.

So a capability is like a handle or (file) descriptor or maybe like a key.

And ACL is the bigger brother of file permissions, I guess.

And a C-list is simply a number-index referring to capabilities, do I understand that right?
https://en.wikipedia.org/wiki/C-list_(c ... _security)

Greetings
Peter
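
Added example, not part of any post in this thread: a minimal C sketch of the distinction discussed above, with a per-process C-list whose indices are the handles, an ACL consulted only when a handle is created (the UNIX `open()` model Korona describes), and delegation that can only narrow rights. All names (`cap_open`, `cap_use`, `cap_grant`, `cap_close`, the structs and constants) are hypothetical and chosen for illustration.

```c
#include <stddef.h>

enum { R_READ = 1, R_WRITE = 2, MAX_UID = 4, CLIST_LEN = 8 };

/* ACL model: rights are stored with the object, keyed by user id. */
struct object { const char *name; unsigned acl[MAX_UID]; };

/* Capability: a kernel-held reference plus the rights it carries. */
struct cap { struct object *obj; unsigned rights; };

/* C-list: per-process table; user space only sees the index (the handle). */
struct proc { int uid; struct cap clist[CLIST_LEN]; };

/* Install a capability in the first free slot; return its index or -1. */
static int clist_insert(struct proc *p, struct object *o, unsigned rights) {
    for (int i = 0; i < CLIST_LEN; i++)
        if (p->clist[i].obj == NULL) {
            p->clist[i] = (struct cap){ o, rights };
            return i;
        }
    return -1;
}

/* UNIX-style open(): the ACL is consulted once, when the handle is minted. */
int cap_open(struct proc *p, struct object *o, unsigned want) {
    if (p->uid < 0 || p->uid >= MAX_UID) return -1;
    if ((o->acl[p->uid] & want) != want) return -1;
    return clist_insert(p, o, want);
}

/* Using a handle: no ACL lookup, only slot validity and carried rights. */
int cap_use(const struct proc *p, int h, unsigned need) {
    if (h < 0 || h >= CLIST_LEN || p->clist[h].obj == NULL) return -1;
    return (p->clist[h].rights & need) == need ? 0 : -1;
}

/* Delegation: copy a capability into another C-list, never with more rights. */
int cap_grant(const struct proc *from, int h, struct proc *to, unsigned rights) {
    if (cap_use(from, h, rights) != 0) return -1;
    return clist_insert(to, from->clist[h].obj, rights);
}

/* Closing the handle clears the slot; other holders are unaffected. */
void cap_close(struct proc *p, int h) {
    if (h >= 0 && h < CLIST_LEN) p->clist[h] = (struct cap){ NULL, 0 };
}
```

Note that changing `acl[]` after `cap_open` does not affect handles already issued, which is the file-descriptor behaviour described in the thread; revoking an issued capability would need an extra mechanism this sketch does not model.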