On Mon, 2005-10-10 at 21:24 +0200, ness wrote: > > Hello, > > > > On Sun, Oct 09, 2005 at 01:23:29PM -0400, Jonathan S. Shapiro wrote: > > > >>On Sun, 2005-10-09 at 10:14 +0200, ness wrote: > >> > >>>I guess one of the design goals of the Hurd is to NOT depend on the > >>>implementation of a server. As far as I know, we don't want to ask "is > >>>the implementation of this server trustible?" but ask "is the source > >>>where I got this cap trustible?". We want to allow the user to replace > >>>system components. To e.g. run a new task that uses a different proc > >>>server. So the user says that to it's shell and the shell gives the > >>>right cap to the newly created task. But marcus identified sth. like > >>>your "identify" operation as necessary, AFAIK. > > You mix up two things here (or me). Identify (or > cmp/map_lookup/whatever) says whether the cap a client passed to a > server was mapped by the server (in kernel-based caps). See > http://os.inf.tu-dresden.de/pipermail/l4-hackers/2005/002140.html.
Ah. We are talking about two different identify operations. In EROS, the identify operation tells you whether the service *named* by a capability is the service you think it is. In particular, if I hold a capability to the constructor for service X, and you pass me a capability to service X, I can ask the constructor if the capability names a process that it created. I can see that we will need to be explicit about which identify operation we mean in the future. Thanks for making this clear. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
