Comparing IPC and capability invocation
jean.wolter at inf.tu-dresden.de
Fri Dec 12 09:42:22 CET 2003
"Volkmar Uhlig" <volkmar at ira.uka.de> writes:
> > Next problem:
> > The server must then run some function:
> > get_permissions(sender-id, file-id) -> permissions
> > to determine what operations are permitted. Note that if this
> > operation is performed faithfully and correctly, it is impossible
> > to emulate correctly the behavior of the UNIX I_SENDFD socket
> > operation without many additional calls to a shared service -- the
> > design of the operation makes descriptor transfer an inherently
> > expensive operation.
> I would say that is a weak argument considering all the shortcomings of
> the POSIX API. Implementing fork within a distributed system is very
> expensive--so what? We know for more than 10 years that fork is broken.
> I will look into I_SENDFD into more detail and try to give you a
> satisfactory answer.
This is related to the problem the L4/Hurd people discussed some month
ago. They also have the problem how to transfer access rights from one
thread to another in a save way. If I remember correctly they came up
with a protocol solving this problem. Maybe a short review of this
discussion will help.
More information about the l4-hackers