I have known about capsicum (& have been a fan of capabilities since
the late 70s - even used a form of them in my last job!) but my point was to
suggest unix kernel simplification and something like that may fall out
naturally rather than having to be bolted on. Rather than write an OS
from scratch, incrementally evolve what works. Writing something from
scratch is always easier but you also end up relearning the same
lessons + much harder to get acceptance. But an embrace and extend
model à la C to C++ or what GNU programs have done stands a better
chance. Except that I’m suggesting “extending” by simplifying!
On Sep 25, 2017, at 8:45 AM, Tony Finch <dot(a)dotat.at> wrote:

> Bakul Shah <bakul(a)bitblocks.com> wrote:
>
> > I think a few changes can make Unix much more Plan 9-like.
> > Things like: file descriptors are actually capabilities (or
> > handles, for short) and each process starts with a set of
> > handles and it can only reach those resources that its handles
> > allow. It can also gain new handles via operations on existing
> > handles. Right here you can see that a process is already
> > sandboxed. You don't need containers or jails!
>
> You can opt-in to this way of working by using the capsicum API,
> http://www.cl.cam.ac.uk/research/security/capsicum/
> but that's really intended for programs to discipline themselves rather
> than as something pervasive.
>
> Tony.
> --
> f.anthony.n.finch <dot(a)dotat.at>
> http://dotat.at/ - I xn--zr8h punycode
> Portland, Plymouth, Biscay: Northwest 4 or 5, becoming variable 3 or 4 later.
> Moderate or rough, becoming slight or moderate. Mainly fair. Moderate or good.
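Bakul's description (a process reaches only what its handles allow, and gets new handles only through operations on existing ones) is what Tony's capsicum pointer delivers on FreeBSD. The program below is an added example, not code from either poster or from the Capsicum project: it assumes FreeBSD with sys/capsicum.h and a readable directory path, uses the constructed file name "newfile.tmp", and on other systems only reports that capability mode is unavailable.

```c
/* Added FreeBSD Capsicum example, not code from the thread. Assumes FreeBSD
 * (sys/capsicum.h) and a readable directory path; "." works for a test run. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* 0 = all checks behaved as Capsicum promises; n>0 = check n failed;
 * -1 = capability mode unavailable on this kernel. */
int capsicum_demo(const char *dirpath)
{
#ifndef __FreeBSD__
    (void)dirpath;
    return -1;
#else
    /* 1. The one handle this process keeps: a directory descriptor. */
    int dirfd = open(dirpath, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) return 1;
    /* 2. Bound it to lookup-and-read below this directory. Descriptors
     *    derived from it can never carry more rights than this. */
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_LOOKUP, CAP_READ, CAP_FSTAT);
    if (cap_rights_limit(dirfd, &rights) < 0) return 2;
    /* 3. Enter capability mode: the global namespace is gone for good. */
    if (cap_enter() < 0) return errno == ENOSYS ? -1 : 3;
    /* 4. Absolute paths are unreachable: open(2) now fails with ECAPMODE. */
    if (open("/etc/passwd", O_RDONLY) != -1 || errno != ECAPMODE) return 4;
    /* 5. New handles are still obtainable from an existing handle, within
     *    its rights: a read-only open relative to dirfd succeeds ... */
    int sub = openat(dirfd, ".", O_RDONLY);
    if (sub < 0) return 5;
    close(sub);
    /* 6. ... but creating a file there is refused with ENOTCAPABLE, since
     *    dirfd was never granted CAP_WRITE or CAP_CREATE. */
    if (openat(dirfd, "newfile.tmp", O_WRONLY | O_CREAT, 0600) != -1 ||
        errno != ENOTCAPABLE) return 6;
    return 0;
#endif
}

int main(void)
{
    int r = capsicum_demo(".");
    printf("capsicum_demo: %d (0 = sandbox behaved as expected)\n", r);
    return r == 0 ? 0 : 1;
}
```

Once cap_enter() has succeeded the process can never leave capability mode, so every resource it will ever need must already be held as a descriptor, which is the "start with a set of handles" model Bakul describes.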