
The answer to that for a capability-based system would be to not grant a process access to /Users, but instead give it an opaque handle that grants access to /Users/delinka. It's definitely not how unix systems work (where you need read access to all of the parents to access a child directory), but in a capability-based system it makes sense IMO.


You don't need read access to all parents (on Linux and BSDs at least) -- a privileged process can pass a dirfd to a less privileged process and that process can access paths under that dirfd without any permission checks being done for parent directories of the dirfd.


This is correct. But this is not traversing a path, or even knowing it.


The comment was refuting the claim, "where you need read access to all of the parents to access a child directory."


You don't need read access, only execute access.
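The two points made in this thread (that a directory file descriptor lets you reach a subtree without permission checks on the directories above it, and that plain path traversal needs execute rather than read permission on each parent) can both be checked in a few lines. The script below is an added example, not code from any commenter. It builds a throwaway `Users/delinka/note.txt` tree in a temp directory (the names are just borrowed from the thread), opens a dirfd on `delinka`, then changes the mode bits on `Users` and compares path-based `open()` with `os.open(..., dir_fd=...)`, which is Python's wrapper for `openat(2)`. Handing the dirfd to another process (with `SCM_RIGHTS`, e.g. `socket.send_fds` in Python 3.9+) is not shown; the permission behaviour is the same whether the fd is used in the same process or a received one. Note that the negative cases only hold when not running as root, since `CAP_DAC_OVERRIDE`/`CAP_DAC_READ_SEARCH` bypass these checks; the result dict records the effective uid so a caller can account for that.

```python
import os
import stat
import tempfile


def setup_tree(base):
    """Create base/Users/delinka/note.txt (constructed sample data)."""
    parent = os.path.join(base, "Users")
    child = os.path.join(parent, "delinka")
    os.makedirs(child)
    with open(os.path.join(child, "note.txt"), "w") as f:
        f.write("hello\n")
    return parent, child


def read_via_path(path):
    """Path-based open: the kernel checks 'x' on every parent directory."""
    try:
        with open(path) as f:
            return f.read()
    except PermissionError:
        return None


def read_via_dirfd(dirfd, name):
    """openat(2)-style open: only 'name' relative to dirfd is checked."""
    fd = os.open(name, os.O_RDONLY, dir_fd=dirfd)
    try:
        return os.read(fd, 4096).decode()
    finally:
        os.close(fd)


def demo():
    results = {"euid": os.geteuid()}
    with tempfile.TemporaryDirectory() as base:
        parent, child = setup_tree(base)
        file_path = os.path.join(child, "note.txt")
        # The "opaque handle" from the thread: an fd on the child directory,
        # taken while we still have normal access to the parent.
        dirfd = os.open(child, os.O_RDONLY | os.O_DIRECTORY)
        try:
            # Case 1: parent is execute-only (--x------). Traversal through it
            # still works, but listing it (which needs 'r') does not.
            os.chmod(parent, stat.S_IXUSR)
            results["path_with_x_only"] = read_via_path(file_path) == "hello\n"
            try:
                os.listdir(parent)
                results["list_with_x_only"] = True
            except PermissionError:
                results["list_with_x_only"] = False

            # Case 2: parent has no permission bits at all. Path-based access
            # now fails at the parent, but the dirfd still reaches the file.
            os.chmod(parent, 0)
            results["path_no_perms"] = read_via_path(file_path) is not None
            results["dirfd_no_perms"] = read_via_dirfd(dirfd, "note.txt") == "hello\n"
        finally:
            os.close(dirfd)
            # Restore a sane mode so the temp directory can be removed.
            os.chmod(parent, 0o700)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On an unprivileged account the output shows `path_with_x_only: True`, `list_with_x_only: False`, `path_no_perms: False` and `dirfd_no_perms: True`, which is exactly the distinction the thread draws: execute (search) permission on each parent is what path lookup needs, and a dirfd sidesteps that lookup entirely because the kernel resolves the remaining path only from the handle.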



