This concept was using segments to give very low-level access rights on
a per-object basis?
I think I saw it, and never looked closer for a few reasons:
- segments do not exist on anything but a i386+ (even i286- "segments"
are just abominations, and have nothing to do with real segments) in
any popular hardware.
- even where they exist, they are slow.
- protection that finegrained is theoretically nice, but a maintenance
nightmare. In theory it is the best kind of protection, in practice
you won't find anybody who will program a non-trivial program using
them correctly and securely (I claim that even ACL's have this
problem, and ACL's are much simpler)
I personally do not believe in object orientation as a security model
(nor as a general programming paradigm), but feel free to try to
convince me.
[ Or maybe I confuse you with somebody else and some other posting ]
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu