Re: [Hurd-alpha-devel] Re: L4 instead of gnumach?
On 30 Oct 2000, Niels Möller wrote:
> Erik Verbruggen <email@example.com> writes:
> What about security? I don't know L4 much (although a read some paper
> on it a long time ago, the last time Hurd on L4 was discussed). My
> impression was that L4 was a lot different from Mach. As the HURD
> relies quite heavily on things like send rights, how heavy is it to do
> something comparable on L4? Can it be done without erasing the
> performance advantage?
> (I believe managing send rights is a sane way to deal with security in
> a complex system. So I don't think it is good enough to just try to
> change the HURD's model to fit L4; after all, one of the points of
> the Hurd-L4 thing is to make the HURD less dependent on particular
> micro-kernels. To do that, one need to identify the features that are
> essential to the HURD, and find out the best way to get them on each
> kernel one is interested in).
I haven't looked closely enough at the HURD source, but different servers
(translators) probably have different security requirements. I think a
good way to implement this would be to implement libraries for different
ways of communicating. There could be one implementation of these for
every microkernel, and parts of them could be implemented as macros or
inlined functions for performance. There could be one library for simple
one-time messages with no authentication required, one for servers
requiering user authentication, one for mach-like ports, and so on.
Maybe this clashes totally with MiG, though. I don't know.