[NCLUG] capability based kernel design

John L. Bass jbass at dmsd.com
Sun Mar 18 19:50:18 MDT 2007


	For those interested, just google for "Linux LCAP".
	Michael Milligan                                   -> milli at acmeps.com

Since the early days of UNIX, the course grained protections of SUSER
access have been rightfully criticized. As students cloned UNIX architecture
in the form of BSD varients, Linux, and other POSIX clones this failing has
been one of the design flaws of UNIX that has persisted. There have been
several attempts to add capabilities to UNIX, but none became widely
adopted as a standard, in a form that has allowed SUSER to be completely
abandoned.

References include:

	http://en.wikipedia.org/wiki/Capability-based_security
	http://www.eros-os.org/essays/capintro.html
	http://www.imperialviolet.org/binary/pucs.pdf
	http://cap-lore.com/CapTheory/
        http://www.cs.washington.edu/homes/levy/capabook/

John



More information about the NCLUG mailing list