The second approach is to draw the line between processes. In this case the
capabilities are typically managed by the operating system, though it is possible
to imagine them being managed by a privileged process.
Examples of the operating system approach are Keykos[9], Amoeba[17],
EROS[14] and Coyotos[13]. Rather then access to the ”rest of the world” being
mediated by capability objects, such access is directly through a capability.
That is, in such systems, capabilities are natively supported by the system.
Plash[5] and userv[7] could be considered to be examples of the second type
of system, where capabilities are managed by a privileged process.
Once more authentication should not be needed in these systems when capabilities
are controlled by the operating system, but could be needed in the
case where capabilities are managed instead by a privileged process.
No comments:
Post a Comment