From: Darren New
Newsgroups: comp.lang.ada
Subject: Re: Progress on AdaOS
Date: Fri, 07 Sep 2001 15:58:30 GMT
Message-ID: <3B98EEA2.179DD2A1@san.rr.com>

> If there is "a process that supplies a service", then it is another
> process, i.e. the method is executed on another context.

I'm not sure how you would enforce any sort of access control in the case
of only having one context, actually.

> This is
> another case and a heavy weighted one. It would be very inefficient to
> have a separate process for every object.

It doesn't need to be a separate process for every object. Indeed, in
Amoeba (Tanenbaum's OS), all the files are managed by one process.
You have a capability for each file, a capability for each server, a
capability for each directory, a capability for each process (so you can
kill it, debug it, etc), and so on. You don't have a capability for each
array or tagged object, for example, because you're not trying to protect
them from yourself.

I think I see what you're saying. An "OO" operating system isn't one in
which every programming-language-level object is an OS-managed resource.
An "OO" operating system is one where the data and the routines to
manipulate that data are bundled together. E.g., where an image file
provides the routines for getting and setting pixels, rather than being
represented as an array of storage elements and an independent library
for treating an array of storage elements as an image.

> This will also exclude
> passive objects [= Ada protected objects] which have no task
> associated with.

I think if you have the protected object in your data space, there's not
much point in enforcing an administrative limitation on who can get to
it. On the other hand, if your hardware supports capabilities directly,
then there's no problem with doing this.

Think of a capability as vaguely similar to a trap instruction, perhaps.
You're granted a capability by the OS putting the address of the routine
to call into the interrupt vectors where you can get to it with a system
trap. The OS then checks that your arguments are legal. Same thing.

> >Check out the EROS web site. Your objections don't make any sense in
> >context. And I can't figure out what context they would make sense in.
>
> There is a general problem how to protect private parts [routines and
> data]. In an Ada program, the compiler protects you. This level is not
> enough safe for an OS.

Burroughs seemed to make it work just fine.

> >> But definitely there should be objects with methods executed on some
> >> more privileged context, no matter if the object itself exists in the
> >> caller's one.
> >
> >Well, maybe not "more privileged". Maybe "differently privileged".
>
> No matter. The rule is one cannot gain more privileges than granted.

Right. And capabilities are one way of doing this.

--
Darren New
San Diego, CA, USA (PST). Cryptokeys on demand.
Those who work hard with few results always value
hard work over getting results.
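
The arrangement discussed in the post above (one server process managing all files, one capability per file, no way to gain more rights than were granted), as an added example that is not part of the original post. The class and method names are hypothetical, and the HMAC check field is an assumption of this example, not the actual mechanism of Amoeba or EROS.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

READ, WRITE = 1, 2          # rights bits, constructed for this example
ALL = READ | WRITE

@dataclass(frozen=True)
class Capability:
    obj: int       # object number inside the server
    rights: int    # bitmask of operations the holder may request
    check: bytes   # MAC over (obj, rights); assumption: HMAC-SHA256

class FileServer:
    """One server process manages every file; clients hold one capability per file."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # never leaves the server
        self._files = {}

    def _mac(self, obj, rights):
        msg = obj.to_bytes(8, "big") + bytes([rights])
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def _require(self, cap, needed):
        # Range checks first so a malformed capability cannot reach _mac.
        ok = cap.obj in self._files and 0 <= cap.rights <= ALL
        if not ok or not hmac.compare_digest(cap.check, self._mac(cap.obj, cap.rights)):
            raise PermissionError("invalid capability")
        if cap.rights & needed != needed:
            raise PermissionError("right not granted")

    def create(self, data=b""):
        obj = len(self._files)
        self._files[obj] = bytes(data)
        return Capability(obj, ALL, self._mac(obj, ALL))

    def restrict(self, cap, mask):
        # Derive a weaker capability; AND-ing can remove rights, never add them.
        self._require(cap, 0)
        rights = cap.rights & mask
        return Capability(cap.obj, rights, self._mac(cap.obj, rights))

    def read(self, cap):
        self._require(cap, READ)
        return self._files[cap.obj]

    def write(self, cap, data):
        self._require(cap, WRITE)
        self._files[cap.obj] = bytes(data)
```

Editing the `rights` field of a capability on the client side invalidates its check field, so the only way to obtain a different rights mask is `restrict`, which can only narrow it.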