Re: hurd progress and bugs
Kalle Niemitalo <email@example.com>:
> I took a look at L4/Fiasco some months ago. Its IPC was quite unlike that
> of Mach. With Mach, references to ports are much like Unix file
> descriptors. With L4, they were more like IP addresses and IIRC they
> could even be guessed -- but the recipient was always told who sent the
> message, and could then reject unwelcome senders. I got the impression
> that port-based authentication in the Hurd would not be trivial to port to
> L4 or Fiasco.

I like that analogy with file descriptors and IP addresses.

I wonder if this is a fatal flaw in L4. If you want a secure OS with
capabilities, probably this should be implemented at the microkernel
interface. It's just another level of indirection, so it shouldn't
cost too much.

If you were going to replace thread IDs by capability-like ports,
then, apart from messages and memory allocation, you would also have
to be able to pass a port down a port.

L4 also lets a thread donate the rest of its time slice to another
thread. I don't know how much sense that would make with ports ...
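
The contrast drawn in this message, as an added example that is not part of the original post and is not Mach or L4 code: a toy model of per-task port names (the "file descriptor" side, including passing a port down a port) next to receiver-side filtering on a global sender ID (the "IP address" side). All function names, port numbers and thread IDs are hypothetical and constructed for illustration.

```c
#include <stdio.h>
/* Toy model; every name here is hypothetical, not Mach or L4 API. */
#define MAX_NAMES 8
#define NO_PORT (-1)

/* Mach-like: a task names ports by small private indices, like fds. */
struct task { int names[MAX_NAMES]; };

void task_init(struct task *t) {
    for (int i = 0; i < MAX_NAMES; i++) t->names[i] = NO_PORT;
}

/* Give task t a right to kernel port `port`; returns its local name. */
int cap_insert(struct task *t, int port) {
    for (int i = 0; i < MAX_NAMES; i++)
        if (t->names[i] == NO_PORT) { t->names[i] = port; return i; }
    return -1;
}

/* Resolve a local name: the port reached, or NO_PORT if no right held. */
int cap_lookup(const struct task *t, int name) {
    return (name >= 0 && name < MAX_NAMES) ? t->names[name] : NO_PORT;
}

/* "Pass a port down a port": the sender needs rights to both the carrier
   port and the port being passed; the receiver gets a fresh local name. */
int cap_transfer(const struct task *from, int carrier, int name, struct task *to) {
    int port = cap_lookup(from, name);
    if (cap_lookup(from, carrier) == NO_PORT || port == NO_PORT) return -1;
    return cap_insert(to, port);
}

/* L4-like, as in the quoted description: any thread can address a global
   id, the kernel reports the sender, and the receiver filters on it. */
int l4_accept(const int *allowed, int n_allowed, int sender_tid) {
    for (int i = 0; i < n_allowed; i++)
        if (allowed[i] == sender_tid) return 1;
    return 0;
}

int main(void) {
    struct task a, b;
    task_init(&a); task_init(&b);
    int file = cap_insert(&a, 42), to_b = cap_insert(&a, 7);
    printf("b guesses name %d: %d\n", file, cap_lookup(&b, file));
    int got = cap_transfer(&a, to_b, file, &b);
    printf("b after transfer: %d\n", cap_lookup(&b, got));
    int allowed[] = { 5 };
    printf("tid 5: %d, tid 9: %d\n", l4_accept(allowed, 1, 5), l4_accept(allowed, 1, 9));
    return 0;
}
```

In the first model a guessed name resolves to nothing unless the kernel has placed a right in that task's table; in the second the destination is always reachable and the access decision lives in each receiver's allow list.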