Object capability security

Most software we write has the ability to do essentially anything: open sockets, spawn processes, perform long blocking computation, read arbitrary objects in memory, et cetera. Most tools for limiting what applications can do are opt-in; many of them are complex to use. This has important security implications; software can often be tricked into abusing those privileges that it didn’t really even need to have to begin with. The object-capability model is an alternative security model that reasons about cap