Assignment 12, Solutions
Part of the homework for 22C:112, Fall 2012
The Unix file model uses an open-file table indexed by file descriptor (a small integer), where each open-file table entry contains a pointer to an open-file data structure and the user's access rights to that file.
The link table of a Demos task, indexed by link ID, holds links, where each link enables the task that holds it to send messages to some destination task and has associated rights such as the right to duplicate a link.
These are all examples of capability-based security models. The page table, the open file table, and the link table can all be considered to be capability lists.
a) What are the primitive operations on pages, open files, and links? (Exclude composite operations, where operation c is the same as operation a followed by operation b; these composites typically exist because of the high expense of kernel calls). (0.5 points)
Pages can be read, written and executed.
Open files can be read, written and executed. In addition, the seek operation and the close operation apply.
Demos links can be reused, they can be duplicated, and they can be included in a message. In addition, Demos links, if valid, can be used to send messages.
b) What are the access rights typically applicable to pages, to open files, and to links? (0.5 points)
Pages have read, write and execute rights.
Open files have read, write and execute rights.
Demos links have the right to reuse, the right to duplicate, and the right to include in a message.
c) With reference to your answers to parts a) and b), is there any sense in which these systems are distinct from each other? That is, does one support operations on capabilities that are essentially different from the others in some way, or does one have a different relation between the sets of operations and the sets of rights than the other has? (0.5 points)
The basic set of rights in Demos is obviously completely different in spirit from the rights permitted for open files and pages in a Unix-like system.
A question: Which system does the rudimentary access-control-list mechanism of Unix use? The easiest way to do this is to use the chmod shell command to set the user, group and other rights on an example file created for the purpose of the experiment, and see what rights you end up with for the file. (0.5 points)
Unix (or at least Linux) takes the first match, not the Union. Here is an experiment to demonstrate this, changing the access rights on a file so that the owner has read-only access while the public has read-write access:
    [jones@serv16 ~]$ ls -l t
    -rw------- 1 jones 32879 44 May 3 2012 t
    [jones@serv16 ~]$ chmod u-w t
    [jones@serv16 ~]$ chmod o+w t
    [jones@serv16 ~]$ ls -l t
    -r------w- 1 jones 32879 44 May 3 2012 t
    [jones@serv16 ~]$ cat < /dev/null > t
    t: Permission denied.
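The experiment above can be modeled in a few lines. The following is an added example, not part of the original solutions and not kernel code: it compares the first-match rule with a hypothetical union rule on the mode string from the listing. It assumes an unprivileged caller and no POSIX ACLs; the uids and gids are constructed.

```python
# Added example: a model of the classic Unix permission check, not kernel code.
# Assumes an unprivileged caller (no root bypass) and no POSIX ACLs.

def parse_mode(s):
    """Split an ls-style string such as '-r------w-' into per-class right sets."""
    bits = s[1:10]
    if len(bits) != 9:
        raise ValueError("expected a 10-character ls mode string")
    classes = {}
    for i, name in enumerate(("user", "group", "other")):
        triple = bits[3 * i:3 * i + 3]
        # lowercase s/t in the x position mean "executable plus a special bit"
        classes[name] = {r for r, c in zip("rwx", triple) if c in (r, "s", "t")}
    return classes

def matching_classes(uid, gids, owner_uid, owner_gid):
    """Every class the caller belongs to, in the order the check considers them."""
    found = []
    if uid == owner_uid:
        found.append("user")
    if owner_gid in gids:
        found.append("group")
    found.append("other")  # everyone matches 'other' as a last resort
    return found

def first_match_allows(mode, right, uid, gids, owner_uid, owner_gid):
    """Unix behaviour: only the first matching class is consulted."""
    cls = matching_classes(uid, gids, owner_uid, owner_gid)[0]
    return right in parse_mode(mode)[cls]

def union_allows(mode, right, uid, gids, owner_uid, owner_gid):
    """Hypothetical alternative: rights of all matching classes are combined."""
    rights = parse_mode(mode)
    return any(right in rights[c]
               for c in matching_classes(uid, gids, owner_uid, owner_gid))

# Mode string from the listing; the ids are constructed for the example:
# uid 1000 stands in for the owner, uid 2000 for a user sharing no group.
MODE = "-r------w-"
OWNER = dict(owner_uid=1000, owner_gid=100)

if __name__ == "__main__":
    for who, uid, gids in (("owner", 1000, {100}), ("stranger", 2000, {500})):
        for right in "rw":
            print(who, right,
                  "first-match:", first_match_allows(MODE, right, uid, gids, **OWNER),
                  "union:", union_allows(MODE, right, uid, gids, **OWNER))
```

Under first-match the owner is refused write access even though the public has it, matching the "Permission denied" in the session; under the union rule the same write would succeed.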
Hint: Feel free to use man 2 command to get the definitions of any Unix kernel commands you might not previously have encountered. (1.0 point)
All of the following would be done in Demos by messages to one or another server process:
- fork() -- messages to the process manager
- execve() -- probably just read the file into a process's memory
- read() -- messages to the device driver or file system
- write() -- same
- close() -- same
- mount() -- messages to the file system
- signal() -- probably just send a message to a process
The following probably correspond directly to Demos primitives:
- exit()
- sigaction() -- tell Demos to interrupt me on message receipt
The following could not be supported under Demos:
- mmap() -- Demos has no virtual memory