From: dmitry@elros.cbb-automation.de (Dmitry A. Kazakov)
Newsgroups: comp.lang.ada
Subject: Re: Progress on AdaOS
Date: Thu, 06 Sep 2001 12:33:48 GMT
Message-ID: <3b9768b6.1671036@news.cis.dfn.de>
References: <3b95d429.592218@news.cis.dfn.de> <3B9654AE.CD4382ED@san.rr.com>

On Wed, 05 Sep 2001 16:37:03 GMT, Darren New wrote:

>> I think in an OO OS there should be more fine grained properties. For
>> instance there should be different access policies regarding the
>> object itself and its methods. For instance, an object created by a
>> more privileged user [object] might have methods available for less
>> privileged users [object]. Further, these methods can be executed
>> either on the caller's or callee's [supervisor calls] contexts etc
>> etc.
>
>You're going too much back into traditional OSes. An OO OS works quite
>well when modeled with capabilities. Generally, you can easily model a
>capability as an address+password. Say, a 64-bit address concatenated
>with a 64-bit "password" of random bits that the object can check for
>validity. Different passwords on the same address give you the varying
>privilege levels you're looking for. (64 is probably too small a number
>for either of those, these days.)

That's not safe, because the "password" and the code that checks can be
faked. It is generally no problem if the object's code is executed on the
caller's context. An exception may in the worst case destroy the caller.
But definitely there should be objects with methods executed on some more
privileged context, no matter if the object itself exists in the
caller's one.

Regards,
Dmitry Kazakov
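
The address+password capability scheme quoted in this message, as an added example that is not part of the original post or of AdaOS: an object keeps its own table of random passwords, each mapped to a rights mask, and checks every call against it. The class and method names, the rights bits and the 128-bit password size are assumptions, and the sketch assumes the check runs where the caller cannot read or modify the object's table.

```python
import hmac
import secrets

READ, WRITE = 1, 2          # hypothetical rights bits, not from the post
PASSWORD_BYTES = 16         # assumed 128-bit password; the post calls 64 too small


class GuardedObject:
    """An object that checks (address, password) capabilities itself."""

    def __init__(self, address):
        self.address = address
        self._value = None
        self._rights = {}   # password -> rights mask, never leaves the object

    def mint(self, rights):
        """Issue a new capability carrying the given rights mask."""
        password = secrets.token_bytes(PASSWORD_BYTES)
        self._rights[password] = rights
        return (self.address, password)

    def revoke(self, capability):
        """Forget one password; other capabilities stay valid."""
        self._rights.pop(capability[1], None)

    def _granted(self, capability):
        address, password = capability
        if address != self.address or not isinstance(password, bytes):
            return 0
        granted = 0
        # Scan every entry with a constant-time compare so timing does not
        # reveal how much of a guessed password matched.
        for known, rights in self._rights.items():
            if hmac.compare_digest(known, password):
                granted = rights
        return granted

    def read(self, capability):
        if not self._granted(capability) & READ:
            raise PermissionError("capability lacks READ")
        return self._value

    def write(self, capability, value):
        if not self._granted(capability) & WRITE:
            raise PermissionError("capability lacks WRITE")
        self._value = value
```

Two capabilities minted for the same address with different masks give the differing privilege levels the quoted text describes, and revoking one password leaves the others usable.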