[Cryptography] Capability Systems (was Re: ORWL - The First Open Source, Physically Secure Computer)

Rob Meijer pibara at gmail.com
Tue Aug 30 19:48:32 EDT 2016


2016-08-30 23:37 GMT+02:00 Ben Laurie <ben at links.org>:

> On 30 August 2016 at 22:24, Perry E. Metzger <perry at piermont.com> wrote:
> > I hope these ideas get spread around. They're a critical tool for
> > security architecture. (And I hope to someday see Capsicum as part of
> > the mainline Linux kernel.)
>
> For the impatient: http://capsicum-linux.org/.
>


The openat stuff looks interesting. It may be of interest to note that there
was this discussion 10 years back:

http://osdir.com/ml/linux.kernel.lsm/2006-10/threads.html

that indirectly led to what at that time was basically a workaround for
openat not allowing directory file handles to be used as capabilities
passable over unix domain sockets:

http://www.linuxjournal.com/magazine/minorfs?page=0,0

By the way, one thing that has been a growing concern with respect to the
use of dir/file handles in multi process setups is the fact that there
doesn't seem to be a single memory secure, let alone capability secure,
programming language that supports good old file handle passing over unix
domain sockets. Has the capsicum project given any thought about providing
a capability based stack (like the AppArmor/MinorFS/E-language stack
described in my above article)?

> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
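Added example (not code from Rob's message, from MinorFS, or from the Capsicum project): the directory-descriptor-over-a-unix-socket pattern the message refers to, written in C for Linux/POSIX. One side hands a directory descriptor to the other with SCM_RIGHTS, and the receiving side then uses it as the starting point for openat(). The helper names (send_fd, recv_fd, demo_dirfd_over_socket) are this example's own, and it assumes a writable /tmp. The returned bitmask makes the caveat that matters for capability use visible: stock openat() only fixes where the lookup starts, so the receiver can still reach "../outside.txt" through the descriptor it was handed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Helper names below are this example's own (hypothetical), not a library API. */

/* Send one descriptor over a unix domain socket as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd)
{
    char byte = 'F';                       /* at least one data byte is required */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg;
    struct cmsghdr *cm;

    memset(&msg, 0, sizeof msg);
    memset(cbuf, 0, sizeof cbuf);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof cbuf;
    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns -1 if no single SCM_RIGHTS fd arrived. */
static int recv_fd(int sock)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg;
    struct cmsghdr *cm;
    int fd;

    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof cbuf;
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS
        || cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Create a small file relative to dirfd (constructed sample data). */
static int write_file(int dirfd, const char *name, const char *text)
{
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    ssize_t n;
    if (fd < 0) return -1;
    n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/*
 * Pass a directory descriptor over a socketpair and use it with openat()
 * on the receiving side.  Returns -1 on setup failure, else a bitmask:
 *   bit 0: receiver opened "inner.txt" relative to the passed dirfd
 *   bit 1: receiver ALSO opened "../outside.txt" through the same dirfd
 * On stock Linux both succeed (result 3): openat() confines the starting
 * point of the lookup, not the lookup itself.
 */
int demo_dirfd_over_socket(void)
{
    char tmpl[] = "/tmp/capdemo.XXXXXX";
    char *root = mkdtemp(tmpl);
    int rootfd = -1, boxfd = -1, sv[2] = { -1, -1 }, got = -1, result = -1, f;

    if (root == NULL) return -1;
    rootfd = open(root, O_RDONLY | O_DIRECTORY);
    if (rootfd < 0) goto out;
    if (mkdirat(rootfd, "box", 0700) < 0) goto out;
    if (write_file(rootfd, "outside.txt", "secret\n") < 0) goto out;
    boxfd = openat(rootfd, "box", O_RDONLY | O_DIRECTORY);
    if (boxfd < 0) goto out;
    if (write_file(boxfd, "inner.txt", "hello\n") < 0) goto out;

    /* "Sender" side: hand the box directory over and keep nothing. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) goto out;
    if (send_fd(sv[0], boxfd) < 0) goto out;
    close(boxfd);
    boxfd = -1;

    /* "Receiver" side: knows only the descriptor it was handed. */
    got = recv_fd(sv[1]);
    if (got < 0) goto out;
    result = 0;
    f = openat(got, "inner.txt", O_RDONLY);
    if (f >= 0) { result |= 1; close(f); }
    f = openat(got, "../outside.txt", O_RDONLY);   /* escapes the "box" */
    if (f >= 0) { result |= 2; close(f); }

out:
    if (got >= 0) close(got);
    if (boxfd >= 0) close(boxfd);
    if (sv[0] >= 0) close(sv[0]);
    if (sv[1] >= 0) close(sv[1]);
    if (rootfd >= 0) {
        unlinkat(rootfd, "box/inner.txt", 0);
        unlinkat(rootfd, "box", AT_REMOVEDIR);
        unlinkat(rootfd, "outside.txt", 0);
        close(rootfd);
    }
    rmdir(root);
    return result;
}

int main(void)
{
    int r = demo_dirfd_over_socket();
    printf("result=%d (1=inner opened, 2=parent escape opened)\n", r);
    return r < 0;
}
```

Under FreeBSD's Capsicum, capability mode refuses absolute paths and ".." escapes through a directory capability, which is what turns this descriptor-passing pattern into a real capability; on Linux without Capsicum, bit 1 comes back set as well, which is the gap the message above describes working around.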