Assignment 12, Solutions

Part of the homework for 22C:112, Fall 2012
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

  1. Background: In a paged virtual memory system, the page table is indexed by the page number field of the virtual address, and each page-table entry contains the location of a page (which page frame it is in) and the access rights for that page.

    The Unix file model uses an open-file table indexed by file descriptor (a small integer), where each open-file table entry contains a pointer to an open-file data structure and the user's access rights to that file.

    The link table of a Demos task, indexed by link ID, holds links, where each link enables the task that holds it to send messages to some destination task and has associated rights such as the right to duplicate a link.

    These are all examples of capability-based security models. The page table, the open file table, and the link table can all be considered to be capability lists.

    a) What are the primitive operations on pages, open files, and links? (Exclude composite operations, where operation c is the same as operation a followed by operation b; these composites typically exist because of the high expense of kernel calls). (0.5 points)

    Pages can be read, written and executed.

    Open files can be read, written and executed. In addition, the seek operation and the close operation apply.

    Demos links can be reused, they can be duplicated, and they can be included in a message. In addition, Demos links, if valid, can be used to send messages.

    b) What are the access rights typically applicable to pages, to open files, and to links? (0.5 points)

    Pages have read, write and execute rights.
    Open files have read, write and execute rights.
    Demos links have the right to reuse, the right to duplicate, and the right to include in a message.

    c) With reference to your answers to parts a) and b), is there any sense in which these systems are distinct from each other? That is, does one support operations on capabilities that are essentially different from the others in some way, or does one have a different relation between the sets of operations and the sets of rights than the other has? (0.5 points)

    The basic set of rights in Demos is obviously completely different in spirit from the rights permitted for open files and pages in a Unix-like system.

  2. Background: In a system that uses access-control lists that include both entries for individual users and entries for sets of users (such as a wildcard entry for others or entries for groups of users), there are two obvious ways to search for a given user's rights:

    A question: Which system does the rudimentary access-control-list mechanism of Unix use? The easiest way to do this is to use the chmod shell command to set the user, group and other rights on an example file created for the purpose of the experiment, and see what rights you end up with for the file. (0.5 points)

    Unix (or at least Linux) takes the first match, not the union. Here is an experiment to demonstrate this, changing the access rights on a file so that the owner has read-only access while the public has read-write access:

    [jones@serv16 ~]$ ls -l t
    -rw------- 1 jones 32879 44 May  3  2012 t
    [jones@serv16 ~]$ chmod u-w t
    [jones@serv16 ~]$ chmod o+w t
    [jones@serv16 ~]$ ls -l t
    -r------w- 1 jones 32879 44 May  3  2012 t
    [jones@serv16 ~]$ cat < /dev/null > t
    t: Permission denied.
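
The first-match rule next to the union rule, modelled on the mode bits of the file in the transcript above (an added example, not part of the original solutions). The numeric owner uid and the second user are constructed, the union rule is written here as the OR of every class that applies to the caller, and the superuser's exemption from permission checks is not modelled.

```python
import stat

R, W, X = 4, 2, 1  # rwx bits within one permission class


def first_match(mode, f_uid, f_gid, uid, gids, want):
    """Unix rule: exactly one class is consulted (owner, else group, else other)."""
    if uid == f_uid:
        bits = (mode >> 6) & 7
    elif f_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


def union(mode, f_uid, f_gid, uid, gids, want):
    """Alternative rule: OR together the rights of every class that applies."""
    bits = mode & 7  # "other" acts as a wildcard entry that matches everyone
    if uid == f_uid:
        bits |= (mode >> 6) & 7
    if f_gid in gids:
        bits |= (mode >> 3) & 7
    return bits & want == want


# Constructed sample values: only the mode string and gid 32879 come from the listing.
MODE = 0o402                      # -r------w- after chmod u-w; chmod o+w
OWNER = (1000, {32879})           # (uid, gids) of the file's owner, uid is made up
STRANGER = (2000, {2000})         # a user who is neither owner nor in the group
FILE_UID, FILE_GID = 1000, 32879


def compare():
    """Return {(who, access): (first_match_result, union_result)} for the sample file."""
    out = {}
    for who, (uid, gids) in (("owner", OWNER), ("stranger", STRANGER)):
        for name, want in (("read", R), ("write", W)):
            args = (MODE, FILE_UID, FILE_GID, uid, gids, want)
            out[(who, name)] = (first_match(*args), union(*args))
    return out


if __name__ == "__main__":
    print(stat.filemode(stat.S_IFREG | MODE))
    for key, (fm, un) in compare().items():
        print(f"{key[0]:8} {key[1]:5} first-match={fm!s:5} union={un}")
```

The owner's write is the only row where the two rules disagree, which is why the experiment in the transcript distinguishes them: the same mode lets a stranger write the file while refusing its owner.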
    

  3. A question: Demos is an excellent example of an operating system with what is now sometimes described as a microkernel in order to distinguish it from the much larger kernel in systems like Unix or Linux. Which of the following commonplace kernel calls in Unix or Linux correspond to single kernel calls in a system such as Demos, which would be implemented by Demos server processes instead of the kernel, and which would be impossible to support in a Demos system:
    1. fork()
    2. execve()
    3. exit()
    4. read()
    5. write()
    6. close()
    7. mmap()
    8. mount()
    9. signal()
    10. sigaction()

    Hint: Feel free to use man 2 command to get the definitions of any Unix kernel commands you might not previously have encountered. (1.0 point)

    All of the following would be done in Demos by messages to one or another server process:

    1. fork() -- messages to the process manager
    2. execve() -- probably just read the file into a process's memory
    3. read() -- messages to the device driver or file system
    4. write() -- same
    5. close() -- same
    6. mount() -- messages to the file system
    7. signal() -- probably just send a message to a process

    The following probably correspond directly to Demos primitives:

    1. exit()
    2. sigaction() -- tell Demos to interrupt me on message receipt

    The following could not be supported under Demos:

    1. mmap() -- Demos has no virtual memory