Sujet : Re: Capabilities, Anybody?
De : jgd (at) *nospam* cix.co.uk (John Dallman)
Groupes : comp.archDate : 10. Mar 2024, 18:14:39
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <memo.20240310171449.4308D@jgd.cix.co.uk>
References : 1
In article <Qry*
XE3Ez@news.chiark.greenend.org.uk>,
theom+
news@chiark.greenend.org.uk (Theo Markettos) wrote:
The C experience is fairly normal, as long as you are actually
playing by the C rules. You can't arbitraily cast integers to
pointers - if you plan to do that you need to use intptr_t so
the compiler knows to keep the data in a capability so it can
use it as a pointer later.
Makes sense, though it will require updating of older code for the rules
being more thoroughly enforced. Not a bad thing.
Tricks which store data in the upper or lower bits of pointers are
awkward.
Not compatible with Aarch64 Pointer Authentication, but CHERI should be a
functional replacement anyway.
Changes in a 6M LoC KDE desktop codebase were 0.026% of lines:
https://www.capabilitieslimited.co.uk/_files/ugd/f4d681_e0f23245dace
466297f20a0dbd22d371.pdf
15,000 or so changes. Quite a lot. Is the code backwards-compatible to a
conventional C platform?
Sandboxing involves dividing code into compartments; that involves
some decision making as to where you draw the security boundaries.
There aren't good tools to do that (they are being worked on).
CHERI offers you the tools to implement whatever compartmentalisation
stategy you wish, but it's not quite as simple as just recompiling.
I have a slightly odd case: the software I work on ships as a great big
shared library that's used in-process by its caller. It isn't any kind of
server, and doesn't use any IPC; in concept it's a huge math library that
asks the caller to allocate memory for it. So it needs to share a heap
with the caller. Presumably that model is workable?
... we're running on FreeBSD
That was a point against my experimenting with Morello when we were
offered it last year; the requirement to port to FreeBSD first. Morello
Linux seems insufficiently mature at present; do you have any idea of the
timescale for it to be robustly usable for porting application code by
someone who isn't experienced in Linux internals?
John
Date | Sujet | # | | Auteur |
9 Mar 24 | Capabilities, Anybody? | 78 | | Lawrence D'Oliveiro |
9 Mar 24 | Re: Capabilities, Anybody? | 74 | | mitchalsup@aol.com (MitchAlsup1) |
9 Mar 24 | Re: Capabilities, Anybody? | 1 | | BGB |
9 Mar 24 | Re: Capabilities, Anybody? | 71 | | BGB |
9 Mar 24 | Re: Capabilities, Anybody? | 61 | | Robert Finch |
9 Mar 24 | Re: Capabilities, Anybody? | 1 | | Lawrence D'Oliveiro |
10 Mar 24 | Re: Capabilities, Anybody? | 59 | | BGB |
10 Mar 24 | Re: Capabilities, Anybody? | 1 | | Chris M. Thomasson |
10 Mar 24 | Re: Capabilities, Anybody? | 57 | | Theo Markettos |
10 Mar 24 | Re: Capabilities, Anybody? | 4 | | John Dallman |
11 Mar 24 | Re: Capabilities, Anybody? | 3 | | Theo |
17 Mar 24 | Re: Capabilities, Anybody? | 2 | | John Dallman |
18 Mar 24 | Re: Capabilities, Anybody? | 1 | | Robert Finch |
10 Mar 24 | Re: Capabilities, Anybody? | 19 | | MitchAlsup1 |
11 Mar 24 | Re: Capabilities, Anybody? | 18 | | Theo Markettos |
11 Mar 24 | Re: Capabilities, Anybody? | 10 | | MitchAlsup1 |
11 Mar 24 | Re: Capabilities, Anybody? | 9 | | Theo Markettos |
11 Mar 24 | Re: Capabilities, Anybody? | 1 | | George Neuner |
11 Mar 24 | Re: Capabilities, Anybody? | 7 | | Michael S |
11 Mar 24 | Re: Capabilities, Anybody? | 1 | | Michael S |
11 Mar 24 | Re: Capabilities, Anybody? | 5 | | Michael S |
11 Mar 24 | Broken Date formats | 4 | | Michael S |
11 Mar 24 | Re: Broken Date formats | 3 | | Michael S |
11 Mar 24 | Re: Broken Date formats | 2 | | Michael S |
11 Mar 24 | Re: Broken Date formats | 1 | | Michael S |
11 Mar 24 | Re: Capabilities, Anybody? | 7 | | Chris M. Thomasson |
12 Mar 24 | Re: Capabilities, Anybody? | 6 | | Chris M. Thomasson |
13 Mar 24 | Re: Capabilities, Anybody? | 5 | | BGB |
14 Mar 24 | Re: Capabilities, Anybody? | 4 | | Chris M. Thomasson |
14 Mar 24 | Re: Capabilities, Anybody? | 3 | | BGB |
14 Mar 24 | Re: Capabilities, Anybody? | 2 | | Chris M. Thomasson |
16 Mar 24 | Re: Capabilities, Anybody? | 1 | | BGB |
10 Mar 24 | Re: Capabilities, Anybody? | 33 | | BGB |
11 Mar 24 | Re: Capabilities, Anybody? | 32 | | Robert Finch |
11 Mar 24 | Re: Capabilities, Anybody? | 31 | | BGB |
13 Mar 24 | Re: Capabilities, Anybody? | 30 | | Robert Finch |
13 Mar 24 | Re: Capabilities, Anybody? | 24 | | MitchAlsup1 |
13 Mar 24 | Re: Capabilities, Anybody? | 23 | | Robert Finch |
13 Mar 24 | Re: Capabilities, Anybody? | 21 | | MitchAlsup1 |
14 Mar 24 | Re: Capabilities, Anybody? | 20 | | Robert Finch |
14 Mar 24 | Re: Capabilities, Anybody? | 1 | | Lawrence D'Oliveiro |
14 Mar 24 | Re: Capabilities, Anybody? | 18 | | MitchAlsup1 |
14 Mar 24 | Re: Capabilities, Anybody? | 17 | | Lawrence D'Oliveiro |
14 Mar 24 | Re: Capabilities, Anybody? | 10 | | MitchAlsup1 |
14 Mar 24 | Re: Capabilities, Anybody? | 9 | | Lawrence D'Oliveiro |
15 Mar 24 | Re: Capabilities, Anybody? | 8 | | MitchAlsup1 |
15 Mar 24 | Re: Capabilities, Anybody? | 2 | | Chris M. Thomasson |
15 Mar 24 | Re: Capabilities, Anybody? | 1 | | Chris M. Thomasson |
15 Mar 24 | Re: Capabilities, Anybody? | 5 | | Lawrence D'Oliveiro |
15 Mar 24 | Re: Capabilities, Anybody? | 4 | | Chris M. Thomasson |
15 Mar 24 | Re: Capabilities, Anybody? | 3 | | Lawrence D'Oliveiro |
15 Mar 24 | Re: Capabilities, Anybody? | 2 | | Lawrence D'Oliveiro |
15 Mar 24 | Re: Capabilities, Anybody? | 1 | | Chris M. Thomasson |
14 Mar 24 | Re: Capabilities, Anybody? | 5 | | Lawrence D'Oliveiro |
15 Mar 24 | Re: Capabilities, Anybody? | 4 | | MitchAlsup1 |
15 Mar 24 | Re: Capabilities, Anybody? | 1 | | Lawrence D'Oliveiro |
18 Mar 24 | Re: Capabilities, Anybody? | 1 | | Paul A. Clayton |
18 Mar 24 | Re: Capabilities, Anybody? | 1 | | MitchAlsup1 |
15 Mar 24 | Re: Capabilities, Anybody? | 1 | | MitchAlsup1 |
14 Mar 24 | Re: Capabilities, Anybody? | 1 | | Theo Markettos |
13 Mar 24 | Re: Capabilities, Anybody? | 5 | | BGB |
14 Mar 24 | Re: Capabilities, Anybody? | 4 | | Robert Finch |
14 Mar 24 | Re: Capabilities, Anybody? | 3 | | BGB |
14 Mar 24 | Re: Capabilities, Anybody? | 1 | | Lawrence D'Oliveiro |
15 Mar 24 | Re: Capabilities, Anybody? | 1 | | MitchAlsup1 |
10 Mar 24 | Re: Capabilities, Anybody? | 9 | | Theo Markettos |
11 Mar 24 | Re: Capabilities, Anybody? | 8 | | BGB |
11 Mar 24 | Re: Capabilities, Anybody? | 2 | | Robert Finch |
12 Mar 24 | Re: Capabilities, Anybody? | 1 | | BGB |
12 Mar 24 | Re: Capabilities, Anybody? | 2 | | BGB |
12 Mar 24 | Re: Capabilities, Anybody? | 1 | | MitchAlsup1 |
14 Mar 24 | Re: Capabilities, Anybody? | 3 | | Theo Markettos |
14 Mar 24 | Re: Capabilities, Anybody? | 1 | | MitchAlsup1 |
14 Mar 24 | Re: Capabilities, Anybody? | 1 | | BGB |
9 Mar 24 | Re: Capabilities, Anybody? | 1 | | Lawrence D'Oliveiro |
9 Mar 24 | Re: Capabilities, Anybody? | 3 | | Robert Finch |
9 Mar 24 | Re: Capabilities, Anybody? | 2 | | Lawrence D'Oliveiro |
9 Mar 24 | Re: Capabilities, Anybody? | 1 | | Robert Finch |