On Thu, Feb 12, 2015 at 2:27 AM, Norman Feske <[email protected]> wrote: > Under the hood, when passing a Genode capability as argument to an RPC > call, all three seL4 endpoint capabblilities will be transferred. When > such a Genode capability is handed back to the component, the third > received seL4 capability can be used to re-identify the context > associated with the Genode capability because its badge was imprinted > locally by the component.
Doesn't the fact that these three capabilities are not bound together in any way lead to problems? What if a malicious server juggled a few capabilities, replacing the third capability in a response with a different third capability from an earlier request, for example? > Norman -- Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com _______________________________________________ Devel mailing list [email protected] https://sel4.systems/lists/listinfo/devel
