Re: cap exchange race with map/unmap

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cap exchange race with map/unmap

From:	Jonathan S. Shapiro
Subject:	Re: cap exchange race with map/unmap
Date:	Wed, 19 Oct 2005 09:38:44 -0400

On Wed, 2005-10-19 at 14:21 +0200, Bas Wijnen wrote:

> What Marcus described was that A wants a capability from a server, and gets it
> via the cap server.  Then we have:
> 
> Server->CapServer->A
> 
> Then A copies its capability to B via the capability server.  Then it is
> Server->CapServer-->A
>                  `->B

Bas:

In order to make sure that your mental picture of this protocol is
precise, could you please resend it using my expanded notation, where
every transfer is explicitly state?

> I note that the capability server as a library approach isn't being discussed
> at the moment.  Is there something wrong with it?

As a transitional implementation for application bringup it's fine, but
I suspect that it is insecure. Can you describe it under a new subject
line, or point me at an existing description in the email archives?

shap

[Prev in Thread]

Current Thread

[Next in Thread]

Re: cap exchange race with map/unmap, (continued)

Prev by Date: Why COPY != SIMULATED COPY
Next by Date: Re: cap exchange race with map/unmap
Previous by thread: Re: cap exchange race with map/unmap
Next by thread: Re: cap exchange race with map/unmap
Index(es):
- Date
- Thread