"Volkmar Uhlig" volkmar@ira.uka.de writes:
Next problem:
The server must then run some function:
get_permissions(sender-id, file-id) -> permissions
to determine what operations are permitted. Note that if this operation is performed faithfully and correctly, it is impossible to emulate correctly the behavior of the UNIX I_SENDFD socket operation without many additional calls to a shared service -- the design of the operation makes descriptor transfer an inherently expensive operation.
I would say that is a weak argument considering all the shortcomings of the POSIX API. Implementing fork within a distributed system is very expensive--so what? We know for more than 10 years that fork is broken. I will look into I_SENDFD into more detail and try to give you a satisfactory answer.
This is related to the problem the L4/Hurd people discussed some month ago. They also have the problem how to transfer access rights from one thread to another in a save way. If I remember correctly they came up with a protocol solving this problem. Maybe a short review of this discussion will help.
Regards, Jean