On 09/07/2013 12:04 AM, Ben Laurie wrote:
> On 26 August 2013 22:43, Perry E. Metzger <pe...@piermont.com> wrote:
> > (I would prefer to see hybrid capability systems in such
> > applications, like Capsicum, though I don't think any such have been
> > ported to Linux and that's a popular platform for such work.)
>
> FWIW, we're working on a Linux port of Capsicum. Help is always
> welcome :-)
>
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

I implemented a lightweight, tightly-focused (well, it started out that
way), capabilities-like system for Android kernels last year. It was a
monumental PITA largely due to interior kernel-side APIs changing so
frequently across kernel versions.
We had mechanisms for binding "capabilities" to ELF binaries in a way
that the kernel could verify.
The project failed, largely because it kept being dragged around by
marketing so often that we never got it really nicely robust in any
given direction.
"This week, it's a floor polish. Next week, it's a turbine
maintenance system."