On Sun, 2006-02-12 at 16:33 -0300, Leonardo Pereira wrote: > I have a simple doubt. It is possible that it was already debated, but > I didn't found nothing about it. > > When you run a program, you can give a capabilitie to it and it will > be able to use something or open some files. But what will happen if I > use an interpreter? how the system will know what capabilities the > interpreted program will have?
Leonardo: I think you are confused about what a capability is. In Coyotos or L4.sec, a capability is not data. It is a structure protected by the OS. The OS does *not* know what capabilities an interpreted program can use, but it *does* know what capabilities the *interpreter* has, and it knows that no action taken by the interpreted program can exceed the authority available to the interpreter that interprets the program. When you are trying to understand this type of question, it may be useful to ask "what would happen in UNIX if..." and substitute "file descriptor" for "capability". A capability is simply a descriptor. The deficiency of UNIX is that it does not use descriptors more universally. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
