[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ANNOUNCE] Introducing Codezero

From: Bas Wijnen
Subject: Re: [ANNOUNCE] Introducing Codezero
Date: Sun, 26 Jul 2009 08:13:09 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

On Sun, Jul 26, 2009 at 02:05:02AM +0100, Sam Mason wrote:
> On Sat, Jul 25, 2009 at 07:36:11PM +0300, Bahadir Balban wrote:
> > Having all capabilities maintained by the microkernel will add policy to
> > it and inflate it, so it will somewhat deviate from a rigorous
> > microkernel design. If you believe that to be more appropriate for
> > maintaining security, it may be a reasonable tradeoff for you.
> > 
> > However, a significant goal in Codezero is to remain generic for
> > building any OS core on top. In that respect, no OS specific policy is
> > allowed inside. Keeping userspace capabilities in the kernel would be
> > against that principle.
> I keep getting the feeling that you've "missed" the point of
> object-capability systems.

While the provided links may certainly help, I think the biggest
"conflict" is that Bahadir seems to be talking about unprotected
capabilities (but correct me if I'm wrong), while most people here
implicitly mean "capability" to be kernel-protected.  What I mean by
protection is that it is impossible (not just very hard) for a thread to
guess a capability, because when invoking, the kernel checks if you
actually have it.

This effect does indeed inflate the kernel, but it also has some good
effects on security, which cannot be achieved without kernel support.

Again, I'm not saying this is something you must aim for with CodeZero.
But it is something that IMO the Hurd should aim for (and I think most
people here agree, but I'm not even sure about that).


I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://a82-93-13-222.adsl.xs4all.nl/e-mail.html

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]