Ludovic Courtès wrote:
Hi,
Tom Bachmann <[EMAIL PROTECTED]> writes:
As described in one of my mails [1] to coyotos-dev and somewhere on
the E language homepage [2] it is possible to implement transparent
"remote" capabilities, i.e. caps that are invoked like normal local
ones but that actually invoke servers on other machines over the
net.
That is feasible, except that you lose confinement (i.e., the bit
representation of capabilities is visible to the participants, so one
can transfer capabilities off-line, e.g., over the phone)
Right. But the point of "distributed caps" is that they are sent over
net, i.e. the bit representation is made visible.
So if you want confinement the app must not hold (transitively) a cap to
the forwarder (i.e. a wrapped "distributed cap"). I do not know
how/wheather this can be made sure...
--
-ness-
_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
