re adding capcicum to a framework / runtime. I should add to this. , in terms of a framework i added capcicum , enter cap mode to mono on BSD in about 2-3 days nearly all of which was undertsanding the insides of mono and adding the relevant capsicum libs.. This does a bit eg it will load the assemblies etc but just before the mono c part passes control to the compiled CIL code it went into capcicum mode . After this reflection and things like that will cease to work , my idea at the time was to use the newer cap friendly Windows.Foundatiion ( winrt) style .NET apis and capcicum would pick up the things that were broken as well as providing a sandbox.
You could add it to rust and do a similar thing , at present Rust heavily relies on stdlib such APIs would need to be all changed to use Capcicum Angels. For rust on windows they rely on MinGW to build it etc , again the APIS would need to change to call winrt libs and the OS will provide the sandbox, that said winrt has almost no support for non gui apps and rust has no support for gui aps ( except via c libs) .. Such a framework probably has a higher chance of being accepted on the server space than a Mono based one and solves some very specific problems. On Thu, Jul 25, 2013 at 11:14 AM, Bennie Kloosteman <[email protected]>wrote: > "Does windows have anything comparable to capcicum?" > > Yes and No.. > > For windows desktop apps there is nothing .. The Winrt api for "store > apps" however is a very impressive , it takes capabilities further than > android though is a much more limiting user environment ( no shared > memory , only charms for IPC , no add ons / late loading etc etc ) . > > Ben > > > On Thu, Jul 25, 2013 at 12:12 AM, David Jeske <[email protected]> wrote: > >> On Tue, Jul 23, 2013 at 9:32 PM, Ben Kloosterman <[email protected]>wrote: >> >>> Yes , This is pretty much what capcicum does. >>> >> >> I re-read the paper to remind myself how it works, and I agree capcicum >> does look like a great set of mechanisms. >> >> >> http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf >> >> >> Like you said, the next step is for us to create a loader/environment >> which secures applications before launching them. However, this is a small >> issue compared to getting capcicum into kernels. >> >> Does windows have anything comparable to capcicum? >> >> >> >> _______________________________________________ >> bitc-dev mailing list >> [email protected] >> http://www.coyotos.org/mailman/listinfo/bitc-dev >> >> >
_______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
