Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why not?

Answering the question: “Can this process access this resource?” is equivalent to solving the halting problem.

There’s a reason simpler access control models are popular. Even ACLs are completely untenable in practice. Look at all the trouble accidentally-public s3 buckets create.



Now I am aware that answering the question is np-hard, but why (and how) is it equivalent to solving the halting problem?


A module has a line of code that gives the capability to the component we are asking about.

Is that line of code executed?

Replace the line with “halt”, and change the question to “Does this program halt?”




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: