filenames with a '/' -- help

[John Cowan]

In article <2845 at auspex.auspex.com> guy at auspex.auspex.com (Guy Harris) writes:
>I presume you [previous poster] mean "'open' would take the inode of a directory
>and the *name* of a file within that directory" - since you way it'd
>take "the inode of a directory" I presume that by "inode" you mean some
>reference to the inode, in which case the "inode of (the) file" is what
>"open" would presumably (more-or-less) return.


Not quite.  What 'open' would really do under this scheme would be to accept
a >capability< for a directory, plus a file name, and return a capability
for the file in question.  A capability differs from an inode because it
contains coded information that validates the user's access rights.
A program (or shared library) would be handed two capabilities to start with:
one for the root, one for the current directory, and would be able to do
filename parsing given those operations.

A reasonable way to implement capabilities would be to use the inode plus
some random bits.  For each capability, the kernel must retain a copy of it,
and whenever a capability is passed in, the kernel checks whether it is
valid.  This makes Unix permissions syntax easy to arrange by having different
capability-bit combinations for the various permission rights.  Naturally,
the relation between the permissions themselves and the bits should be
protected by a cryptographically strong transformation....