> Every capability system I've seen works like Unix file descriptors. The
> kernel assigns capability numbers, and since the numbers are only valid
> in one process, and the only valid capability numbers are to
> capabilities you have, there is no danger caused by guessing.
You know, when I typed that, I knew I really ought to qualify it a bit, because the word capability is used in several ways. You are, of course, right to say that this is a common implementation of capabilities in operating systems with multiple memory spaces, but it does not work in a single memory space design without language security where user processes can access the kernel tables.

/jaap

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
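The descriptor-style scheme described in the quoted text, as an added illustration that is not from either poster: each process owns a table of small integers that the kernel maps to capabilities, so an integer names a capability only inside the process it was granted to, and the same number presented by another process (or a guessed one) resolves to nothing. Delegation copies the capability into the recipient's table under whatever slot is free there, which is why the number itself carries no authority. All names (`Process`, `Capability`, `grant`, `delegate`, the sample object paths) are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass(frozen=True)
class Capability:
    """An object reference plus the rights the holder has on it (constructed)."""
    obj: str
    rights: frozenset


@dataclass
class Process:
    """Kernel-side view of one process: a private capability table."""
    pid: int
    table: Dict[int, Capability] = field(default_factory=dict)
    next_slot: int = 0

    def grant(self, cap: Capability) -> int:
        """Install cap and return the number that names it in *this* process only."""
        slot = self.next_slot
        self.table[slot] = cap
        self.next_slot += 1
        return slot

    def lookup(self, num: int) -> Optional[Capability]:
        """A number is valid only if it is present in this process's own table."""
        return self.table.get(num)

    def invoke(self, num: int, right: str) -> str:
        """Exercise a right through a capability number, Unix-style error strings."""
        cap = self.lookup(num)
        if cap is None:
            return f"EBADF: {num} is not a capability of pid {self.pid}"
        if right not in cap.rights:
            return f"EPERM: no '{right}' right on {cap.obj}"
        return f"ok: {right} on {cap.obj}"


def delegate(src: Process, num: int, dst: Process) -> Optional[int]:
    """Kernel-mediated transfer (like passing an fd over a socket): the capability
    is copied into dst's table and gets a fresh number there; src's number is
    meaningless to dst."""
    cap = src.lookup(num)
    if cap is None:
        return None
    return dst.grant(cap)


def demo():
    """Constructed scenario: alice holds a read capability; bob does not."""
    alice = Process(pid=1)
    bob = Process(pid=2)
    # bob already holds something in slot 0, so any delegated cap lands elsewhere.
    bob_log = bob.grant(Capability("/var/log/app.log", frozenset({"read"})))
    secret = Capability("/etc/shadow", frozenset({"read"}))
    n = alice.grant(secret)  # 0 in alice's table
    before = bob.invoke(n, "read")          # bob's slot 0 is his own log, not shadow
    m = delegate(alice, n, bob)             # bob now gets shadow under a new number
    return {
        "alice_read": alice.invoke(n, "read"),
        "alice_write": alice.invoke(n, "write"),
        "bob_same_number_before": before,
        "bob_unknown_number": bob.invoke(42, "read"),
        "delegated_slot": m,
        "bob_read_after": bob.invoke(m, "read"),
        "bob_log_slot": bob_log,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the example makes concrete is the one the reply qualifies: the safety argument rests entirely on the table being kernel-private. If a process could read or write another process's table directly (the single-address-space case without language-level isolation), the integer scoping above would no longer mean anything.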