begin quoting Andrew Lentvorski as of Tue, May 13, 2008 at 06:34:49PM -0700:
> SJS wrote:
[snip]
> >http://groups.google.com/group/alt.folklore.computers/msg/aac01bd0f8e67f0e
> >
> >EVERYTHING in the system should be controlled with the filesystem.
>
> It's close, but not quite right.
>
> The issue is what the OS folks call "capabilities". Every single
> resource should have a "capability" associated with it that controls access.
Capabilities are associated with subjects, not objects.
> "Everything in the filesystem" is a proxy for "permissions and ownership
> on everything" is a proxy for "capabilities on everything".
It's all just ways to efficiently store (and work with) the access control
matrix; ACLs associate {subject,permissions} with objects, and capabilities
(i.e., capability lists) associate {object,permissions} with subjects.
You can get more complicated than that, such as using cryptographic
tokens to allow for transferable rights, but that seems to be a little
bit like a DSW between smart people showing off. It's still subjects,
objects, and permissions.
> There is research on this with Coyotos and CapROS operating systems.
> However, they often fall afoul of the same problems as microkernels,
> poor performance.
I would think the problem of clearly defining who gets what rights would
be the big hurdle. On the other hand, if it's dynamic, there's some
nice things that just fall out of delegating rights to a process... no
more chroot jails needed, f'rinstance.
(Of course, given the immense number of filesystem objects that are
accessed by a normal process, fine-grained control might be a bit much.)
> Of course, if they got the same level of attention that Linux does, they
> wouldn't have performance problems.
And if the M68k chips had gotten the same level of attention as x86... :)
Performance isn't the big issue, once correctness and utility have been
taken care of. It'll come with time, it just needs to be "Good Enough".
> People seem to forget that the performance of Linux was a hard won
> battle over time rather than due to any amazing technical architecture.
It was "good enough" at the time, and kept up. (Grow the system...)
Early 90s X11 on a 386 with 5MB of RAM was terrible. It made MSWindows
3.x look good, but wasn't any (or much) worse than OS/2. But console
access was *amazing*.
--
Alas, the A2k turned out to have been cost-reduced into flakiness.
Stewart Stremler
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
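The ACL-versus-capability-list point made in the reply above (both are just storage views of one access control matrix) and the delegation idea, as an added example that is not part of the original thread; the subject and object names are constructed, and the delegation rule (a subject may pass on only rights it already holds) is an assumption about what "delegating rights to a process" should mean:

```python
"""Access control matrix with its ACL and capability-list views (constructed example)."""
from collections import defaultdict


class AccessMatrix:
    """Sparse access control matrix: (subject, object) -> set of permissions."""

    def __init__(self):
        self._rights = defaultdict(set)

    def grant(self, subject, obj, perms):
        self._rights[(subject, obj)] |= set(perms)

    def check(self, subject, obj, perm):
        # .get() does not create an entry, so unknown pairs stay empty
        return perm in self._rights.get((subject, obj), set())

    def acl_view(self):
        """Column view: object -> {subject: permissions} (an ACL per object)."""
        acls = defaultdict(dict)
        for (subject, obj), perms in self._rights.items():
            if perms:
                acls[obj][subject] = set(perms)
        return dict(acls)

    def capability_view(self):
        """Row view: subject -> {object: permissions} (a C-list per subject)."""
        clists = defaultdict(dict)
        for (subject, obj), perms in self._rights.items():
            if perms:
                clists[subject][obj] = set(perms)
        return dict(clists)

    def delegate(self, grantor, grantee, obj, perms):
        """Assumed delegation rule: a subject can only hand on rights it holds."""
        held = self._rights.get((grantor, obj), set())
        requested = set(perms)
        if not requested <= held:
            raise PermissionError(f"{grantor} lacks {requested - held} on {obj}")
        self.grant(grantee, obj, requested)


def build_example():
    """Constructed sample matrix: two subjects, two filesystem objects."""
    m = AccessMatrix()
    m.grant("alice", "/etc/passwd", {"read"})
    m.grant("root", "/etc/passwd", {"read", "write"})
    m.grant("alice", "/home/alice/notes", {"read", "write"})
    return m
```

Both views are built from the same cells, so a decision made by walking an object's ACL and one made by walking a subject's C-list always agree; the delegation step is what the capability view makes cheap, since it only touches the grantor's own row.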