Comparing IPC and capability invocation

Jean Wolter jean.wolter at
Fri Dec 12 09:42:22 CET 2003

"Volkmar Uhlig" <volkmar at> writes:

> > Next problem:
> > 
> > The server must then run some function:
> > 
> > 	get_permissions(sender-id, file-id) -> permissions
> > 
> > to determine what operations are permitted. Note that if this
> > operation is performed faithfully and correctly, it is impossible
> > to emulate correctly the behavior of the UNIX I_SENDFD socket
> > operation without many additional calls to a shared service -- the
> > design of the operation makes descriptor transfer an inherently
> > expensive operation.
> I would say that is a weak argument considering all the shortcomings of
> the POSIX API.  Implementing fork within a distributed system is very
> expensive--so what?  We know for more than 10 years that fork is broken.
> I will look into I_SENDFD into more detail and try to give you a
> satisfactory answer.

This is related to the problem the L4/Hurd people discussed some month
ago. They also have the problem how to transfer access rights from one
thread to another in a save way. If I remember correctly they came up
with a protocol solving this problem. Maybe a short review of this
discussion will help.


More information about the l4-hackers mailing list