Re: hurd progress and bugs
On Thu, 27 Jul 2000, Edmund GRIMLEY EVANS wrote:
> Kalle Niemitalo <tosi@ees2.oulu.fi>:
>
> > I took a look at L4/Fiasco some months ago. Its IPC was quite unlike that
> > of Mach. With Mach, references to ports are much like Unix file
> > descriptors. With L4, they were more like IP addresses and IIRC they
> > could even be guessed -- but the recipient was always told who sent the
> > message, and could then reject unwelcome senders. I got the impression
> > that port-based authentication in the Hurd would not be trivial to port to
> > L4 or Fiasco.
>
> I like that analogy with file descriptors and IP addresses.
>
> I wonder if this is a fatal flaw in L4. If you want a secure OS with
> capabilities, probably this should be implemented at the microkernel
> interface. It's just another level of indirection, so it shouldn't
> cost too much.
>
Isn't this handled by the clans and chiefs mechanism? Hurd/L4 chiefs could
disallow extra-clan communication where the clan member wasn't known to
have the appropriate rights.
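A toy model of the two checks discussed in this thread (the receiver rejecting unwelcome senders, and a chief refusing extra-clan communication), added here as an illustration and not taken from L4, Fiasco or the Hurd. The task ids, the rights table and all function names are constructed for the example, and only the sender's chief is modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model (not L4 or Hurd code). Task ids are global and guessable; the
   kernel stamps the true sender; a send that leaves the clan goes through
   the sender's chief. Simplification: a forwarded message keeps its
   original sender id. */
enum verdict { DELIVERED, DROPPED_BY_CHIEF, REJECTED_BY_RECEIVER };

struct task {
    int id;        /* global id, usable by anyone who guesses it */
    int clan;      /* clan the task belongs to */
    int accept;    /* only sender id accepted, or -1 for any sender */
};

/* Constructed sample tasks: clan 0 holds three members, clan 1 a server. */
static const struct task member1 = {1, 0, -1}, member2 = {2, 0, -1};
static const struct task picky = {3, 0, 2}, server = {10, 1, -1};

/* Constructed rights table held by the chief of clan 0: member -> target. */
static const int chief_rights[][2] = { {1, 10} };

static bool chief_allows(int member, int target) {
    for (size_t i = 0; i < sizeof chief_rights / sizeof chief_rights[0]; i++)
        if (chief_rights[i][0] == member && chief_rights[i][1] == target)
            return true;
    return false;
}

enum verdict ipc_send(const struct task *src, const struct task *dst) {
    /* Extra-clan IPC: the chief drops it unless the member holds the right. */
    if (src->clan != dst->clan && !chief_allows(src->id, dst->id))
        return DROPPED_BY_CHIEF;
    /* Receiver-side check on the kernel-supplied sender id. */
    if (dst->accept >= 0 && dst->accept != src->id)
        return REJECTED_BY_RECEIVER;
    return DELIVERED;
}

int main(void) {
    printf("member1 -> server: %d\n", ipc_send(&member1, &server));
    printf("member2 -> server: %d\n", ipc_send(&member2, &server));
    printf("member1 -> picky:  %d\n", ipc_send(&member1, &picky));
    return 0;
}
```

In this model, knowing the server's id is not enough for member2: the message never leaves the clan because the chief holds no right for it.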