Capability Systems (24 May 2004)
400th entry!
You have probably noticed that the Janie Box has been replaced with a link-roll powered by del.icio.us. It's only updated when I regenerate the site, which is a manual process and not on a cron job at the moment. But if you're bored the site is generally a good source of cool links.
Also, I've ticked off one of my todo items: writing the text on capability systems:
When you go to the liquor store, do you hand the cashier your wallet, and ask him to take out what it costs?
Nope? Then why can your mp3 player read ~/.gnupg/secring.gpg?.
We have ridiculous amounts of ambient authority floating around our programs. A capability system not only allows us to move towards a design conforming to the principal of least authority, but creates a cleaner design at the same time.
(Read the rest: Practical UNIX Capability Systems)