
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">On 09/07/2013 12:04 AM, Ben Laurie

      wrote:<br>

    </div>

    <blockquote

cite="mid:CAG5KPzxOkOQ09-McqNQe-uM89DaTh=vEkL0Aj5dka+zhyG3S7w@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div class="gmail_extra"><br>

          <div class="gmail_quote">On 26 August 2013 22:43, Perry E.

            Metzger <span dir="ltr"><<a moz-do-not-send="true"

                href="mailto:perry@piermont.com" target="_blank">perry@piermont.com</a>></span>

            wrote:<br>

            <blockquote class="gmail_quote" style="margin:0 0 0

              .8ex;border-left:1px #ccc solid;padding-left:1ex">

              <div id=":40q" style="overflow:hidden">(I would prefer to

                see hybrid capability systems in such<br>

                applications, like Capsicum, though I don't think any

                such have been<br>

                ported to Linux and that's a popular platform for such

                work.)</div>

            </blockquote>

          </div>

          <br>

          FWIW, we're working on a Linux port of Capsicum. Help is

          always welcome :-)</div>

        <div class="gmail_extra"><br>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

The cryptography mailing list

<a class="moz-txt-link-abbreviated" href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>

<a class="moz-txt-link-freetext" href="http://www.metzdowd.com/mailman/listinfo/cryptography">http://www.metzdowd.com/mailman/listinfo/cryptography</a></pre>

    </blockquote>

    I implemented a lightweight, tightly-focused (well, it started out

    that way), capabilities-like system for Android kernels last year. 

    It was a monumental PITA<br>

       largely due to interior kernel-side APIs changing so frequently

    across kernel versions.<br>

    <br>

    We had mechanisms for binding "capabilities" to ELF binaries in a

    way that the kernel could verify.<br>

    <br>

    The project failed, largely because it kept being dragged around by

    marketing so often, that we never got it really nicely robust in any

    given direction.<br>

      "This week, it's a floor polish.  Next week, it's a turbine

    maintenance system."<br>

    <br>

    <br>

  </body>

</html>